Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:26 ADT
Cees de Groot (cg@evrl.xs4all.nl)
Tue, 31 Mar 1998 22:02:14 +0200
Ryan Lackey writes:
>> I got one of the ibuttons too. Just from the demos, I have some serious
>> reservations about it.
>
>I was somewhat privy to information about the demos before they happened.
>I was quite unimpressed by the demo concepts. I don't hold this against
>the technology, though.
>
Apart from the do's and dont's of iButton hacking, I think there's one
unique thing about the iButton: if you are a user and wear an iButton on
your keychain with which you get access to rooms and computers, you see
the thing as a key. I think most users tend to gard their hardware keys
better than their software keys (passwords), so for most environments
using the iButton as a token even without asking for a user response like
a PIN would likely to improve security. As usual, we're talking relative,
not absolute security here.
Two weeks ago I did a Crack 4.0 check on a password file from a large
workstation farm running the design software for a major components
manufacturing company - 37% of the passwords where weak. Even a suboptimal
iButton Java applet would do better than this. Anyway, I think there are
reasonably good protocols for the iButton to verify that it has been
attached to a (reasonably) secure machine (a single "network" public
key on the iButton would suffice for most application domains, I think).
-- Cees de Groot http://pobox.com/~cg <cg@pobox.com>
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:26 ADT