SJS wrote:
begin quoting Andrew Lentvorski as of Thu, Aug 28, 2008 at 08:37:43PM -0700:
An interesting question is: why doesn't the SecurID keyfob do this? It seems like a vastly more secure procedure and you wouldn't have to recall all the keyfobs. You could just generate new public keys.

I think it's because to make it work with a 9-digit (or so) display, the key is so short as to be useless. You want a sequence of apparently-random numbers, using a family of PRNG algorithms.

Well, I don't mind the fob having a key. I just don't want a server compromise to compromise my fob.

I'm thinking about how you reuse the fob. You only want one of these things on your keychain, after all.

The 8051 I was looking at (TI CC111x series) actually has an AES engine in it. But that doesn't help for public key algorithms.

-a


--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
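
Added example, not part of the original thread: a Python sketch of the trade-off discussed above, with a shared-seed code next to a public-key signature forced to fit a 9-digit display. It assumes an HMAC-based time code (not SecurID's actual algorithm) and textbook RSA with constructed toy primes; every name, the 60-second step and the sample values are assumptions.

```python
import hashlib, hmac, math, struct

DIGITS = 9    # display width mentioned in the thread
STEP = 60     # assumed: seconds per displayed code

def counter(t: int) -> bytes:
    return struct.pack(">Q", t // STEP)

def symmetric_code(seed: bytes, t: int) -> str:
    # A MAC can be truncated to the display because the verifier recomputes it.
    mac = hmac.new(seed, counter(t), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**DIGITS:0{DIGITS}d}"

def server_accepts(seed_db: dict, user: str, code: str, t: int) -> bool:
    # The server stores the same seed, so a copy of seed_db yields valid codes.
    return hmac.compare_digest(symmetric_code(seed_db[user], t), code)

# Public-key variant: a signature cannot be truncated, so the whole value has
# to fit on the display, which forces the modulus below 10**DIGITS.
P, Q, E = 30011, 30013, 65537          # constructed toy primes, P*Q < 10**9
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the fob

def digest_int(t: int) -> int:
    return int.from_bytes(hashlib.sha256(counter(t)).digest(), "big") % N

def fob_sign(t: int) -> str:
    return f"{pow(digest_int(t), D, N):0{DIGITS}d}"

def server_verify(code: str, t: int) -> bool:
    # Needs only the public (N, E); nothing secret is stored server-side.
    return pow(int(code), E, N) == digest_int(t)

def factor_small_modulus(n: int) -> tuple:
    # Trial division needs about 15,000 steps for a modulus this short,
    # which is why a display-sized public key protects nothing.
    p = next(f for f in range(3, math.isqrt(n) + 1, 2) if n % f == 0)
    return p, n // p

if __name__ == "__main__":
    t = 1_220_000_000                   # constructed timestamp
    db = {"alice": b"constructed-seed"} # constructed server-side seed table
    code = symmetric_code(db["alice"], t)
    print("symmetric code:", code, "accepted:", server_accepts(db, "alice", code, t))
    sig = fob_sign(t)
    print("signature code:", sig, "verified:", server_verify(sig, t))
    print("modulus", N, "factors as", factor_small_modulus(N))
```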
