DJA wrote:
> Having a valid key expresses possession, and only implies permission.
> Requiring a secret passphrase for every access expresses permission (the
> results of torture and/or maiming expressed earlier notwithstanding.

Right. I was assuming that the private key would be encrypted just like it normally is with ssh, gpg, ssl, keys etc.

>> I think maybe what we need is a smart card that presents itself to the
>> host machine as a USB stick. It has a file that you write a challenge
>> into which gets processed by a cpu which has access to your private key
>> and a file which the host computer can then read the response out of.
>
> Which of course has the same weaknesses of keys as well.

The same weaknesses as just putting a private key on a USB drive? I don't see how. There would be a write-only file that you write your encrypted private key to and then all of the processing is handled inside the chip with the response to the challenge appearing in a file to be read by the host. Basically a smart card but in a usb form factor that every machine can read since everyone has usb ports now.

-- 
Tracy R Reed
http://copilotconsulting.com
1-877-MY-COPILOT

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
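A sketch of the challenge/response file interface proposed in the message above, added here as an illustration and not code from the thread or its participants. The `UsbToken` class, the file names `challenge` and `response`, and the small textbook-RSA key are assumptions; the key is provisioned at construction, and the passphrase-encrypted key upload is left out.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest_int(data: bytes, n: int) -> int:
    """Hash the challenge and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class UsbToken:
    """Hypothetical token: the host can only write 'challenge' and read 'response'."""

    def __init__(self, private_exponent: int, modulus: int):
        self.__d = private_exponent  # held inside the token; no file exposes it
        self.__n = modulus
        self._response = b""

    def write_file(self, name: str, data: bytes) -> None:
        if name != "challenge":
            raise PermissionError(f"{name!r} is not writable")
        # All private-key processing happens here, on the token side.
        sig = pow(digest_int(data, self.__n), self.__d, self.__n)
        self._response = sig.to_bytes((self.__n.bit_length() + 7) // 8, "big")

    def read_file(self, name: str) -> bytes:
        if name != "response":
            raise PermissionError(f"{name!r} is not readable")
        return self._response


def verify(challenge: bytes, response: bytes, n: int, e: int) -> bool:
    """Host-side check using only the public key (n, e)."""
    return pow(int.from_bytes(response, "big"), e, n) == digest_int(challenge, n)


def host_authenticate(token: UsbToken, n: int, e: int) -> bool:
    """Send a fresh random challenge so an old response cannot be replayed."""
    challenge = secrets.token_bytes(32)
    token.write_file("challenge", challenge)
    return verify(challenge, token.read_file("response"), n, e)


if __name__ == "__main__":
    print("authenticated:", host_authenticate(UsbToken(D, N), N, E))
```

The host never handles the private exponent, only the challenge it wrote and the response it read back, and a response captured for one challenge does not verify against a different one.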
