Security Basics mailing list archives
RE: SmartCards
From: "Nick Owen" <nowen () wikidsystems com>
Date: Tue, 12 Aug 2003 16:39:18 -0400
Smartcards should be fairly safe when combined with a PIN, but they are not without risks. In particular, their lack of user interface and user control puts you at the mercy of the reader and there could be compromised readers. You should consider the cost and convenience of the smartcard readers, especially if you're talking about mobile users - will they carry a reader with them and will they take good care of it? With any hardware solution, maintenance and support are often the biggest cost. There is also a cost for distributing the cards. If the cards have keys pre-installed, you will have to take special care. It is always best to have the private key generated on the client device. As far as Linux pams, that should be trivial to do, especially via Java. I don't know much about the IBM security chip. Nick -- Nick Owen CEO WiKID Systems, Inc. 404-879-5227 nowen at wikidsystems.com http://www.wikidsystems.com The End of Passwords --
-----Original Message----- From: Sebastian Schneider [mailto:ses () straightliners de] Sent: Tuesday, August 12, 2003 2:22 PM To: Scott Schwendinger; security-basics () securityfocus com Subject: Re: SmartCards This is really interesting. How does it work? I mean, are there any existing modules for PAM under Linux? Are SmartCards that safe, when just protected by PIN codes? What's about the security chip, which IBM puts into there Laptops/Workstations? Sebastian On Tuesday 12 August 2003 06:36, Scott Schwendinger wrote:Sebastian, Smartcards can contain many authentication id's. PKI client certificates can be stored on the smartcard. When the user access the system/login, a request for proof is sent. The user must provide the PKI certificate. With the use a smartcard reader (external or internal) the PKI certificate is read and the user is authenticated. Scott Schwendinger --- Sebastian Schneider <ses () straightliners de> wrote:Hello, are there any means to authenticate users using SmartCard technologies? It would be helpful, when primary configuration data could be saved to that card to support mobile users. Thanks, Sebastian -- straightLiners IT Consulting & Services Sebastian Schneider Metzer Str. 12 13595 Berlin Germany Phone: +49-30-3510-6168 Fax: +49-30-3510-6169 Mail: ses () straightliners de Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.------------------------------------------------------------------ --------------------------------------------------------------------------- ---------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com------------------------------------------------------------------ --------------------------------------------------------------------------- ------------ straightLiners IT Consulting & Services Sebastian Schneider Metzer Str. 12 13595 Berlin Germany Phone: +49-30-3510-6168 Fax: +49-30-3510-6169 Mail: ses () straightliners de Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ------------------------------------------------------------------ --------- ------------------------------------------------------------------ ----------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: sftp vs ftp with ssl, (continued)
- Re: sftp vs ftp with ssl Glenn English (Aug 06)
- RE: sftp vs ftp with ssl Paul Farag (Aug 07)
- Re: sftp vs ftp with ssl Bryan S. Sampsel (Aug 07)
- RE: sftp vs ftp with ssl Skibi de LaPies (Aug 07)
- RE: sftp vs ftp with ssl Glenn English (Aug 08)
- RE: sftp vs ftp with ssl Skibi de LaPies (Aug 08)
- RE: sftp vs ftp with ssl Glenn English (Aug 08)
- SmartCards Sebastian Schneider (Aug 11)
- Re: SmartCards Scott Schwendinger (Aug 12)
- Re: SmartCards Sebastian Schneider (Aug 12)
- RE: SmartCards Nick Owen (Aug 12)
- Re: sftp vs ftp with ssl Glenn English (Aug 06)
- Re: sftp vs ftp with ssl Ido Breger (Aug 08)
- Re: sftp vs ftp with ssl Andreas Happe (Aug 08)