On 3/27/06, David Barrett <[EMAIL PROTECTED]> wrote:
> ...
> What are your thoughts on using PKI?

fine as long as trust and identity are properly implemented. physically hardened tokens are very good (ex: the rsa challenge / pin based token authenticator via radius)

SPEKE and variants are also highly recommended in my book if you can use them in a secure context (that is, no rootkits and equivalents to capture passwords/phrases - a situation where single use passwords / bingo auth are helpful if secure hardware tokens are not feasible)

> For example, create private keys (with no passwords) and put them in an
> encrypted volume. Then use one strong password to unlock your encrypted
> volume (and thus, unlock your private keys), and then SSH to everywhere else
> securely.

this works very well, and if you have hardware accelerated encryption it can be transparent. you can also pre distribute keys (public and secret) to the encrypted volumes you mount and run within (via a secure bootstrap of course...)

[ see http://www.via.com.tw/en/initiatives/padlock/hardware.jsp ]

i think this is a rich field of discovery when considering the user interface and authentication / session aspects of a secure system.

best regards,
