begin quoting Brad Beyenhof as of Fri, Aug 29, 2008 at 04:42:17PM -0700:
> On Fri, Aug 29, 2008 at 8:56 AM, David Brown <[EMAIL PROTECTED]> wrote:
> > I didn't realize we were designing a USB device. Does the design
> > allow interaction with the host computer, or is it just to receive
> > power?
> >
> > If it allows interaction, it doesn't even need a clock, since it can
> > receive a challenge. Otherwise, it could just start doing the
> > computation once it is connected.
>
> I know I'm getting into this late, but an interesting USB device for
> this sort of thing is the YubiKey:
> http://www.grc.com/sn/notes-143.htm
> (link goes to Steve Gibson's Security Now! podcast discussing it)
>
> The YubiKey is a USB keyboard in a fob... it enters your (long)
> one-time password for you when necessary.

Oh. Slick.

Forget all that crap about having a filesystem and cutting-and-pasting.
You could have this emit, without error, a sizable chunk of data
encrypted with a private key. A large nonce, source IP address, etc.
etc., plus a counter and/or timestamp...

I never even thought about having the device pretend it's a computer.
(Probably because I have some machines that Will Not Work With Multiple
Mice Or Keyboards.)

I'm a bit leery about their "one time passcode" phrasing.

Still... cool.

--
<neo>Whoa!</neo>
Stewart Stremler

--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list