On 07/01/2009 02:10 PM, Nicolas Williams wrote:
I should add that a hardware token/smartcard, would be even better, but the same issue arises: keep it logged in, or prompt for the PIN every time it's needed? If you keep it logged in then an attacker who compromises the system will get to use the token, which I bet in practice is only moderately less bad than compromising the keys outright.
Nominally, hardware token is "something you have" authentication. In many implementations, business rules are added to the chip for stuff like business requirements for multi-factor authentication (like in conjunction with PIN). The resulting situation is business rule/environment specific. In the late 90s, there was work on EU FINREAD standard for external trusted card-acceptor device ... that had trusted pin-entry and trusted display. The objective was countermeasure to lots of well known compromises of PCs (including keylogger ... implying that compromised PC could operate an external hardware token, even if PIN was required per transaction). A lot of this evaporated in the early part of this decade in the wake of with various troubles associated with hardware tokens. As an aside ... one of the things we did in the AADS patent portfolio was to remove business rules from the hardware token ... as part of enabling "person centric" operation (i.e. the same token might be used for lots of different environments ... as opposed to having hardware token for every unique business environment). An AADS hardware token can support both single-factor as well as multi-factor authentication operation ... but it is up to the business application interacting with the hardware token to indicate the amount of authentication & integrity (some assumption about "security proportional to risk" ... for instance, whether or not PIN might be required for every operation, or at all). -- 40+yrs virtualization experience (since Jan68), online at home since Mar1970 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
