On 16-09-11 01:32, Werner Almesberger wrote:
Bas Wijnen wrote:
That would also be possible, but it would be much less safe. The problem
is that the password is leaked over USB, and hardware sniffers are not
just a theoretical possibility.
The USB sniffer would work the same (if not better) with the keyboard
you'd use in the absence of an encrypted channel.
Indeed. I'm not saying that it presents a new risk, just that it is as
risky as using passwords has always been. And that means very risky.
Ideally, nobody uses passwords and
everything uses public key authentication.
Ah, I'm thinking more of things like Web sites that ask for a
password.
Right, and http doesn't even support public-key authentication. :-(
Of course, this could easily encompass solutions that
include a password on top of something else, e.g., the kind of
challenge-response authentication with a "pocket calculator" better
banks use.
The Ben could well be used for that. Actually, it can be much better,
because it can input a 200-character code instead of a 6-digit one.
Ben type them gives almost no security over typing them by hand, but it
does give the comfort of not having to type them. So it's not so much a
"safe", but more an "assistant". Which is useful as well. :-)
Comfort removed an impediment to the use of longer and more cryptic
passwords (harder to brute-force, if Eve gets her hands on the
password hashes).
That makes things a bit safer indeed. And with cryptographically
generated passwords, it even makes things real safe :-) But that
requires (web)server-side support, of course, and I don't think any
major website will feel comfortable requiring a Ben to log in to their
site. :-)
On the other hand, they may well consider the option of allowing such a
strong algorithm if there is a firefox-plugin to handle it. Using a Ben
instead of the firefox-plugin would then improve security without an
extra change to their site.
Conclusion, if you want this, write a firefox-plugin to support
public-key authentication and get big sites like facebook to use it for
their login system. :-)
Removing the screen-to-keyboard path also eliminates a number of
attacks, including the good old peek over the shoulder, all sorts of
keyboard monitoring, etc.
Yes. I'm not sure how large the problems are on that front, but I expect
them to be significant as well.
Of course, in exchange you get the problem of securing the path
between your Ben and your atusb, and also of making sure your atusb
hasn't been tempered with. (Tamper-proofing the Ben would also be an
issue, although separate from that of atusb.)
But that's a path that you control and can change to suit your needs.
Also, this isn't a real issue. If you are worried about people with
sniffing devices for such an obscure protocol, then you should
definitely use something better than passwords for authentication.
I don't like the need for batteries that this would imply. For the rest,
it would be cool. :-)
Maybe you could make it use something the size of the Ben's Li-Ion
battery. Still not perfect, but at least you'd be able to avoid
primary cells and you'd have a common form factor.
But also quite heavy for a controller that should record 3D movement
(that is, must be held in the air). I'd prefer a wire. But I'm sure
others would disagree. Whoever designs it can choose. :-)
Thanks,
Bas
_______________________________________________
Qi Hardware Discussion List
Mail to list (members only): [email protected]
Subscribe or Unsubscribe:
http://lists.en.qi-hardware.com/mailman/listinfo/discussion
