On 22.03.2006, at 22:51, Shawn Willden wrote:
> Now, access to security-critical features on smart cards is generally
> controlled by a PIN/password, but nearly all cards remember their
> authentication state. Indeed, they almost have to. This means that once I
> present my PIN to the card to, say, sign an e-mail, any other user logged
> onto my system can also use the credentials on my card.

One possible solution would be to connect to the card in exclusive
mode. This could work on Windows/OS X, where the only connecting
application would be a crypto subsystem daemon for the given user,
and where applications talk to the system-wide crypto layer (CAPI/CDSA).
On Linux/Unix, where AFAIK most folks use PKCS#11 or something
similar (anyway where cards, via different APIs, talk to the card
directly), this is not possible.
m.
--
Martin Paljak / [EMAIL PROTECTED]
martin.paljak.pri.ee / ideelabor.ee
+372 515 64 95
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
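
The sharing problem and the exclusive-mode mitigation discussed in this message, as an added example that is not part of the original thread: a toy model of a card that remembers its PIN state, not a PC/SC binding, with all class and function names hypothetical. It goes one step beyond the message by also showing that exclusive access only helps if the holder resets the card on release (in PC/SC terms, `SCARD_SHARE_EXCLUSIVE` versus `SCARD_SHARE_SHARED`, and `SCARD_RESET_CARD` versus `SCARD_LEAVE_CARD`).

```python
# Toy model (constructed for illustration) of one card reader used by several
# logged-on users. Class and method names are hypothetical, not a real API.
class SharingViolation(Exception):
    pass

class Card:
    def __init__(self, pin):
        self._pin = pin
        self.verified = False       # authentication state lives on the card
        self.holders = []           # users currently connected
        self.exclusive = False

    def connect(self, user, exclusive=False):
        # Exclusive needs an idle reader; shared needs no exclusive holder.
        if self.exclusive or (exclusive and self.holders):
            raise SharingViolation(f"{user}: reader is in use")
        self.holders.append(user)
        self.exclusive = exclusive
        return Session(self, user)

class Session:
    def __init__(self, card, user):
        self.card, self.user = card, user

    def verify_pin(self, pin):
        self.card.verified = (pin == self.card._pin)
        return self.card.verified

    def sign(self, data):
        # The card checks its own state, not which session presented the PIN.
        if not self.card.verified:
            raise PermissionError("PIN not verified")
        return f"signed({data!r}) via session of {self.user}"

    def disconnect(self, reset=True):
        self.card.holders.remove(self.user)
        self.card.exclusive = False
        if reset:                   # resetting the card clears the PIN state
            self.card.verified = False

def second_user_can_sign(exclusive, release=None):
    """release: None (owner stays connected), 'leave' or 'reset'."""
    card = Card(pin="1234")                   # constructed sample PIN
    owner = card.connect("alice", exclusive)
    owner.verify_pin("1234")
    if release:
        owner.disconnect(reset=(release == "reset"))
    try:
        card.connect("bob").sign("mail")      # another logged-on user
        return True
    except (SharingViolation, PermissionError):
        return False
```
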