No problem really. There is no need to have all the data being en/decrypted
in the cryptodevice (smartcard, clipper chip or whatever) at the same time.
The crypto algorithm on the device acts on either data blocks (e.g. 64 bits
for DES) or a bit stream, so you need only move the data stream in and out of the
device. The amount of data en/decrypted can be as large as needed.
Sakari
> -----Original Message-----
> From: C.M. Wong [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, October 01, 1999 7:41 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Private Wire Gateway
>
> And if you think carefully about it, if the private key is needed to decrypt
> a file/message, that's where the problem comes in... since all packets have
> to go in the smart card. A big file/or e-mail message would be a problem.
> I'm no app developer.. people may argue that there might be secure ways of
> getting the private key out blah, blah. But the fact is, if it is so we
> might as well use floppies then <g>.
>
> Rgrds,
> Wong.
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Bennett Todd
> > Sent: Thursday, September 23, 1999 10:31 PM
> > To: Fabio Rocha
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Private Wire Gateway
> >
> >
> > 1999-09-23-09:59:08 Fabio Rocha:
> > > But I am not only looking for VPN tunneling, that I would be able to do with
> > > IPSec on Cisco routers as you mentioned.
> > >
> > > What I really need is strong user authentication. So we thought of a product
> > > based on public key cryptography... Private Wire can store the user private
> > > key on a password protected smartcard, we consider that strong enough for
> > > our needs. This way, an intruder would have to steal a smart card and also
> > > the user password which protects the keys inside.
> > >
> > > We are open to select another product with the same characteristics... Do
> > > you have good experiences with any?
> >
> > I've not looked at smartcards, don't know what's available for them. I
> > personally strongly prefer hardened hosts; using an allegedly-hardened card
> > when the host you plug it into cannot be presumed secure just isn't a formula
> > for success.
> >
> > I tend to use ssh to let users tunnel in with strong auth and crypto.
> >
> > As ssh is open source, if there's a smart card implementation you like, I
> > wouldn't think it'd be hard to graft it in to ssh. And for all I know people
> > might have grafted smart cards into IPSec tunneling.
> >
> > -Bennett
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
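
The block-at-a-time processing described in the reply at the top of this thread, as an added example that is not part of any message here. `ToyCryptoDevice`, `stream_through` and `roundtrip` are hypothetical names, and an HMAC-SHA256 keystream stands in for whatever cipher a real card implements; the key and nonce in any call are constructed sample values.

```python
import hashlib
import hmac
import io

BLOCK = 8  # bytes per transfer: the 64-bit DES block size used as the example above


class ToyCryptoDevice:
    """Hypothetical stand-in for a smartcard: the key stays inside, and the
    device only ever sees one block of data per call."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = b""
        self._counter = 0
        self.max_resident = 0  # largest number of data bytes held at once

    def start(self, nonce: bytes) -> None:
        self._nonce, self._counter = nonce, 0

    def process_block(self, block: bytes) -> bytes:
        if len(block) > BLOCK:
            raise ValueError("device accepts at most one block per call")
        self.max_resident = max(self.max_resident, len(block))
        # Keystream block = HMAC-SHA256(key, nonce || counter), a stand-in for
        # the card's real cipher (assumption; gives no integrity protection).
        msg = self._nonce + self._counter.to_bytes(8, "big")
        pad = hmac.new(self._key, msg, hashlib.sha256).digest()
        self._counter += 1
        return bytes(a ^ b for a, b in zip(block, pad))


def stream_through(device, nonce, src, dst) -> int:
    """Host side: feed src to the device block by block, write results to dst.
    XOR with the keystream is its own inverse, so this encrypts and decrypts."""
    device.start(nonce)
    total = 0
    while block := src.read(BLOCK):
        dst.write(device.process_block(block))
        total += len(block)
    return total


def roundtrip(data: bytes, key: bytes, nonce: bytes):
    card = ToyCryptoDevice(key)
    enc, dec = io.BytesIO(), io.BytesIO()
    stream_through(card, nonce, io.BytesIO(data), enc)
    stream_through(card, nonce, io.BytesIO(enc.getvalue()), dec)
    return enc.getvalue(), dec.getvalue(), card.max_resident
```

`roundtrip` returns the ciphertext, the recovered plaintext and the largest number of data bytes the device held at any moment, which stays at one block however long the input is.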