hmm.... so does this mean that we can't do better? Can we make the code on the smartcard someone's private or key? And, encrypt the auth over the wire somehow? so that no one could sniff the key off the wire...or if they do, they will only get the decrypted answer, which would do them no good on the next log-in.
could we make ltsp client simply ask card to use info on card to decrypt a string... but, no-one would be able to clone card, by extracting info off of it... You will have to forgive me. I am a complete newbie to smart cards used in this situation. I know one thing though... the smart card itself would always be the weak link... since, someone could steal it, and gain access to the network. I still think it would be something our administrators would like. ----- Original Message ----- From: "Jim Rees" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 20, 2002 3:18 PM Subject: Re: [Muscle] ltsp applications > Yeah, very impressive, except that it has no security. The client simply > reads a serial number off the card. There is no crypto, unless something > has changed since the first time we looked at this. > _______________________________________________ > Muscle mailing list > [EMAIL PROTECTED] > http://lists.musclecard.com/mailman/listinfo/muscle > _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
