nanog mailing list archives
Re: How to fix authentication (was LinkedIn)
From: Ben Jencks <ben () bjencks net>
Date: Thu, 21 Jun 2012 14:11:24 -0400
On Jun 21, 2012, at 12:15 PM, AP NANOG wrote:
> What if, and I am brainstorming here, what if there was a hardware device which plugged in via USB. It was programmed (i.e. verified) in person, such as a key signing party. The serial number of the hardware device was all that is stored in the "verified" database with say a generic email created at that time with the domain of the verifying group. For example, your serial number is 12345, so the email would be generated as 12345 () foo com. This device is hardware encrypted, and stores your password (priv key) in a one way encryption. Then when you go to a website they can ask if you are verified by foo.com. The user selects yes, then the website pulls the public key at that time. Then asks you for your pin, password, pass-phrase, whatever, and at that time the user clicks a pretty eye candy button in the browser which looks for the USB device with the serial number from the database. Once found it then starts a secure tunnel such as VPN (can be anything, just using it as a methodology), and no data is transmitted until the tunnel and DNSSEC has been established. Once established you can surf the site as normal. All these connections and tunnels being set up by the browser using two factor authentication. What you know being the public key with verification from foo.com, which was also verified in person with the foo.com email. What you have which is the hardware token, again serial number verified and encrypted. Combined to give you access and the browser does most of the work.
That's basically the Yubikey. It uses a shared key, but since you're relying on a trusted third party anyway it's fine if they keep the key. When a Yubikey is manufactured the factory default key is stored in Yubico's public auth service database along with the serial number. Anyone on the internet can then ask the service "was this OTP in fact generated by serial number X?" If you don't trust Yubico's service you can program your own key into it and run your own verification service. The mechanics are different but I think the trust model is the same -- users get USB tokens identified only by serial number, and a third party service vouches that a signature/OTP was generated by a particular serial number.

-Ben
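The trust split Ben describes (token holds a secret, the validation service holds a copy keyed by serial number, the website only ever learns the serial) is easy to lose sight of in prose, so here is a toy model of it as an added example. This is not code from the thread or from Yubico: the real Yubico OTP is an AES-128 encryption of a counter/nonce/CRC block, whereas this model uses an HMAC over a counter (an assumption chosen so it runs with the standard library only). Serial numbers, secrets and account names are constructed for the example. The service answers the question from the message, "was this OTP generated by serial X?", and also shows the two checks a validation service must do beyond the tag itself: reject replayed OTPs via the monotonic counter, and leave it to the relying party to confirm the vouched-for serial is the one bound to the account being logged into.

```python
"""Toy model of the token / validation-service / relying-party trust split.

Constructed example. The HMAC-over-counter OTP is a stand-in for the real
Yubico OTP format; the trust model is what is being demonstrated.
"""
import hashlib
import hmac
import secrets


class Token:
    """What the USB device holds: a serial number and a secret that never leaves it."""

    def __init__(self, serial: str, secret: bytes):
        self.serial = serial
        self._secret = secret
        self._counter = 0  # increments on every press, never reset

    def press(self) -> str:
        """Emit one OTP: serial, counter and an HMAC tag over both."""
        self._counter += 1
        msg = f"{self.serial}:{self._counter}".encode()
        tag = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return f"{self.serial}:{self._counter}:{tag}"


class ValidationService:
    """The third party that keeps a copy of each token's secret from manufacture."""

    def __init__(self):
        self._secrets = {}        # serial -> secret
        self._last_counter = {}   # serial -> highest counter accepted so far

    def enroll(self, serial: str, secret: bytes) -> None:
        self._secrets[serial] = secret
        self._last_counter[serial] = 0

    def verify(self, otp: str) -> tuple:
        """Answer 'was this OTP generated by its claimed serial?' with a reason."""
        try:
            serial, counter_s, tag = otp.split(":")
            counter = int(counter_s)
        except ValueError:
            return False, "malformed"
        secret = self._secrets.get(serial)
        if secret is None:
            return False, "unknown serial"
        expected = hmac.new(secret, f"{serial}:{counter}".encode(), hashlib.sha256).hexdigest()
        # constant-time compare so a forged tag cannot be probed byte by byte
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        # replay check: an OTP captured in transit is dead once a later one is seen
        if counter <= self._last_counter[serial]:
            return False, "replayed"
        self._last_counter[serial] = counter
        return True, "ok"


class RelyingParty:
    """A website: stores only the serial bound to each account, never any key."""

    def __init__(self, service: ValidationService):
        self._service = service
        self._accounts = {}  # username -> serial

    def register(self, username: str, serial: str) -> None:
        self._accounts[username] = serial

    def login(self, username: str, otp: str) -> bool:
        ok, _reason = self._service.verify(otp)
        # The service vouches that *some* enrolled token produced the OTP;
        # the site must still check it is the token bound to this account.
        return ok and otp.split(":")[0] == self._accounts.get(username)


def manufacture(serial: str, service: ValidationService) -> Token:
    """At the factory: generate the secret, give one copy to the service, one to the token."""
    secret = secrets.token_bytes(32)
    service.enroll(serial, secret)
    return Token(serial, secret)


def demo() -> dict:
    """Walk the three parties through enrolment, login, replay, a wrong token and a forgery."""
    service = ValidationService()
    alice_token = manufacture("12345", service)  # constructed serials
    bob_token = manufacture("67890", service)
    site = RelyingParty(service)
    site.register("alice", "12345")

    otp = alice_token.press()
    results = {"first_login": site.login("alice", otp)}
    results["replay"] = site.login("alice", otp)            # same OTP again
    results["wrong_token"] = site.login("alice", bob_token.press())  # valid OTP, wrong serial
    serial, counter, tag = alice_token.press().split(":")
    forged = f"{serial}:{counter}:{'0' * len(tag)}"          # tampered tag
    results["forged"] = site.login("alice", forged)
    results["forged_reason"] = service.verify(forged)[1]
    results["unknown_reason"] = service.verify("99999:1:" + "0" * 64)[1]
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the relying party never needs a key of its own, which is exactly why Ben says it is fine for the third party to keep the shared secret: the site trusts the service's answer, and the service in turn is the only place a token's secret exists outside the token.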