Firewall Wizards mailing list archives
Re: SecureID vs Certificates
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Thu, 15 Feb 2001 15:47:16 -0500
Darren Reed wrote:
This talk has got me thinking...has anyone found a way to combine OTP's with digital certificates?
This is kind of what a smart card is all about. Do the signature on the card, so the secret never leaves it, etc. Amazingly cool technology but it's just never caught on particularly well here. It's also tough in security because when you say "smart card" people often hear "SecurID" - Security Dynamics' marketing folks did a good job of confusing the 2 technologies. A real smart card's a credit-card sized piece of plastic with a microprocessor embedded in it. There's a set of brass contacts that allow the microprocessor to draw power when it's plugged into an interface, and it can "talk" to the outside world through another set of contacts. Some of the fancier cards can run a little operating system inside, that acts as a "firewall" between a data area (organized like a disk) and the outside world, and even supports modular exponentiation in silicon. So all the capabilities necessary to have a really great 2-factor system are present, with the added advantage that you can have the secret part of an RSA key which never leaves the embedded microprocessor (barring extreme methods such as sanding off the top of the microchip and hitting it with an electron microscope, etc) mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- SecureID vs Certificates Tony Miedaner (Feb 12)
- Re: SecureID vs Certificates George Capehart (Feb 13)
- Re: SecureID vs Certificates Crist Clark (Feb 14)
- Re: SecureID vs Certificates Darren Reed (Feb 15)
- Re: SecureID vs Certificates George Capehart (Feb 15)
- Re: SecureID vs Certificates Marcus J. Ranum (Feb 15)
- Re: SecureID vs Certificates Darren Reed (Feb 16)
- Re: SecureID vs Certificates beldridg (Feb 16)
- Re: SecureID vs Certificates Peter Lukas (Feb 16)
- Re: SecureID vs Certificates Crist Clark (Feb 14)
- Re: SecureID vs Certificates George Capehart (Feb 15)
- Re: SecureID vs Certificates Crist Clark (Feb 15)
- Re: SecureID vs Certificates George Capehart (Feb 13)
- RE: SecureID vs Certificates Bill Jaeger (Feb 15)
- Re: SecureID vs Certificates Volker Tanger (Feb 15)