On 9/15/06, Daniel Carosone <[EMAIL PROTECTED]> wrote:
> But let's not also forget that these criticisms apply approximately equally to smart card deployments with readers that lack a dedicated pinpad and signing display.
This looks mildly interesting: http://www.projectblackdog.com/product.html

I guess it uses an autorun file on Windows; I wonder whether most systems allow you to effectively launch X. The docs say it connects via ethernet over USB, so you're effectively a thin X client. Nice that it's open-source. Good idea, still vulnerable to software surveillance and host OS. No display.

This looks more interesting: http://fingergear.com/bio_computer_on_a_stick.php

This has a display, a fingerprint reader, runs Linux, has many common apps (office-compatible suite), IM, etc. More relevant to the list, it has an OTP generator, so this is effectively a security token. See: http://fingergear.com/faq1.php#4

Unfortunately, it looks like you can't reimage it without wiping everything, and then you lose the OS. I hope you can get a modifiable OS image and install it just as one would save data to the USB drive, but it could be impossible.
> The worst cost for these more advanced methods may be in user acceptance: having to type one or more things into the token, and then the response into the computer. A USB connected token could improve on this by transporting the challenge and response, displaying the challenge while leaving the pinpad for authentication and approval.
I wonder if the ubiquitous fingerprint reader could replace the need for lots of buttons; controls tend to be the most expensive and fragile part of electronic devices.

I wonder why nobody has an open-source cell phone that does voice recognition yet. That would seem to be the ideal solution, wouldn't it? You're already carrying one around, and you have a keypad for dialing (can be used for PIN), LCD panel for output, and if you have a fingerprint reader, enough juice to perform some crypto, and a USB or bluetooth connector (for storage and communication) it'd be perfect.

--
"On the Internet no one knows you're a dog - except Bruce Schneier."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484