On 9/15/06, Daniel Carosone <[EMAIL PROTECTED]> wrote:
But let's not also forget that these criticisms apply approximately
equally to smart card deployments with readers that lack a dedicated
pinpad and signing display.

This looks mildly interesting:
I guess it uses an autorun file on Windows; I wonder whether most systems
allow you to effectively launch X.  The docs say it connects via ethernet
over USB, so you're effectively a thin X client.  Nice that it's open-source.

Good idea, still vulnerable to software surveillance and host OS.
No display.

This looks more interesting:


This has a display, a fingerprint reader, runs Linux, has many common apps
(office-compatible suite), IM, etc.  More relevant to the list, it has a OTP
generator, so this is effectively a security token.


Unfortunately, it looks like you can't reimage it without wiping
everything, and then you lose the OS.  I hope you can get a modifiable
OS image and install it just as one would save data to the USB drive,
but it could be impossible.

The worst cost for these more advanced methods may be in user
acceptance: having to type one or more things into the token, and then
the response into the computer.  A USB connected token could improve
on this by transporting the challenge and response, displaying the
challenge while leaving the pinpad for authentication and approval.

I wonder if the ubiquitous fingerprint reader could replace the need
for lots of buttons; controls tend to be the most expensive and fragile
part of electronic devices.

I wonder why nobody has an open-source cell phone that does voice
recognition yet.  That would seem to be the ideal solution, wouldn't
it?  You're already carrying one around, and you have a keypad for
dialing (can be used for PIN), LCD panel for output, and if you have
a fingerprint reader, enough juice to perform some crypto, and a USB
or bluetooth connector (for storage and communication) it'd be perfect.
"On the Internet noone knows you're a dog - except Bruce Schneier."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to