[lug] OTP
Davide Del Vento
davide.del.vento at gmail.com
Wed Jun 12 11:00:57 MDT 2013
> So smart cards do public keys. You only need one pair and the public one
> can be shared with all your providers (so one card, one PIN only). The
> private key doesn't leave the card so the only thing compromised hardware
> gets is your PIN.
>
> You do need more infrastructure to support smart cards but as a user I'd
> much rather have one ID that gets me in everywhere rather than need a
> separate one each place I go.
Now that you mention it, I remember these talks from a long time ago.
Maybe 10-15 years... Do I remember right?
The problem of the dedicated sw and hw is a big one, and if hw
manufacturer have not jumped on board to have any single laptop with
the reader in it, it's not a useful approach for me (and for many, I
guess).
Would it be possible to implement such a thing as a thumb drive and
have it work without special software nor hardware (other the the USB
port and the filesystem driver, which are pretty much ubiquitous)? For
example you could drop a file from the browser into the "smart card"
as in a USB thumb drive filesystem and the hw will do its private-key
crypto on it, and "magically" let another file appear in the
filesystem for you to pick and drop in the browser? A micro keyboard
could be used for the PIN, or the PIN could be forgotten completely
and the lost-of-stolen problem could be solved in other ways (e.g. by
revoking the public key).
Cheers,
Davide
More information about the LUG
mailing list