Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19
John Moore (jmoore@speedchoice.com)
Thu, 1 Oct 1998 16:49:05 -0700
> -----Original Message-----
> From: Perry E. Metzger [mailto:perry@piermont.com]
>
> Encryption technology has many uses. Although you may be unfamiliar
> with the use of encryption for authentication, the developers of
> technologies like IPSec and SSH do not seem to have been ignorant
> of these techniques. MACs and digital signatures are hardly shocking
> and unknown technologies.
> The token isn't bonded to the person's skin. It is just as easily
> stolen as anything else -- like their laptop with their (encrypted)
> private key, say.
[...]
>
> Okay. So, we've changed the problem from stealing the laptop to
> stealing the token in the guy's wallet. Could you explain why this is
> better in some way?
>
>
Yes. The two fact works if the guy doesn't have a laptop. If he is using
some other system to make access (yes, I know, it could have a trojan in
it). Or, if he is using a shared system. In other words, one could consider
the securID token sort of like a portable key - it can significantly reduce
key/certificate management problems and increase security.
I might be at a friend's home and need secure access to a critical system.
How do I do that in a secure manner - for example, one that doesn't allow
him to simply grab my password and use it later?
What methodology verifies by both physical and secret-knowledge encryption?
How would you achieve this?
With a time-varying token, I know how to do this (understanding the
weaknesses of the system that have been posted here already).
John>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19