begin quoting Tracy R Reed as of Fri, Mar 17, 2006 at 09:16:24AM -0800:
[snip]
> don't see how. There would be a write-only file that you write your
> encrypted private key to and then all of the processing is handled
> inside the chip with the response to the challenge appearing in a file
> to be read by the host.

Why bother with challenge-response? Why not just stream the data through the card? If you're going to bother doing encryption *anyway*, put a dedicated cryptographic processor on the card, and open a pair of two-way streams. (Presumably the simplest way would be four files... LOCAL-IN, LOCAL-OUT, REMOTE-IN, REMOTE-OUT, or somesuch.) That way, if you remove the card, you *know* the link is dead. Using an untrusted end-node is still disquieting, but not nearly as much as it would be otherwise.

> Basically a smart card but in a usb form factor
> that every machine can read since everyone has usb ports now.

USB card readers are (well, can be) quite small. USB sticks aren't really that nice of a form-factor. Use a USB card reader to add functionality to systems that lack it, and more and more systems might well start shipping with readers built-in.

-- 
_ |\_ \|
-- [email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
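The four-file streaming design described in this reply, as an added model that is not code from the list thread: the key lives only inside a CryptoCard object, and the host merely moves opaque bytes between LOCAL-IN/LOCAL-OUT and REMOTE-IN/REMOTE-OUT, so pulling the card (present = False) stops the link. The HMAC-based keystream and tag are stand-ins for whatever cipher a real card would run; the queue-based "files", the initiator/responder labels and the demo() exchange are assumptions made for the example.

```python
import hashlib
import hmac

class CryptoCard:
    def __init__(self, key: bytes, initiator: bool):
        self._key = key                           # never leaves the card
        self.present = True
        self._send, self._recv = (b"i>r", b"r>i") if initiator else (b"r>i", b"i>r")
        # The four "files" seen by host and network (modelled as record queues).
        self.local_in, self.local_out = [], []    # host -> card, card -> host
        self.remote_in, self.remote_out = [], []  # net -> card, card -> net
        self._tx, self._rx = 0, 0                 # per-direction record counters

    def _prf(self, dirn: bytes, kind: bytes, ctr: int, data: bytes) -> bytes:
        msg = dirn + kind + ctr.to_bytes(8, "big") + data  # dirn separates the streams
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _xor(self, dirn: bytes, ctr: int, data: bytes) -> bytes:
        # Keystream from the PRF in counter mode: a stand-in for the card's cipher.
        ks = b"".join(self._prf(dirn, b"ks", ctr, i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
        return bytes(x ^ y for x, y in zip(data, ks))

    def pump(self) -> bool:
        if not self.present:                      # card pulled: nothing moves
            return False
        while self.local_in:                      # LOCAL-IN -> REMOTE-OUT
            body = self._xor(self._send, self._tx, self.local_in.pop(0))
            self.remote_out.append(body + self._prf(self._send, b"tag", self._tx, body))
            self._tx += 1
        while self.remote_in:                     # REMOTE-IN -> LOCAL-OUT
            rec = self.remote_in.pop(0)
            body, tag = rec[:-32], rec[-32:]
            if not hmac.compare_digest(tag, self._prf(self._recv, b"tag", self._rx, body)):
                self.present = False              # tampered or replayed: kill the link
                return False
            self.local_out.append(self._xor(self._recv, self._rx, body))
            self._rx += 1
        return True

def demo() -> tuple:
    key = bytes(range(32))                        # constructed shared key
    a, b = CryptoCard(key, True), CryptoCard(key, False)
    a.local_in.append(b"hello from A")            # A sends one record to B
    a.pump()
    b.remote_in.extend(a.remote_out)              # the host only shuttles opaque bytes
    b.pump()
    a.present = False                             # pull A's card
    a.local_in.append(b"after removal")
    return b.local_out[0], a.pump(), len(a.remote_out)
```

demo() returns the plaintext B recovered, False for the pump attempted after A's card was pulled, and the unchanged count of records A ever emitted.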
