Firewall Wizards mailing list archives

OTP for smartcards (Was: SecureID vs Certificates)


From: Carson Gaspar <carson () taltos org>
Date: Fri, 02 Mar 2001 00:20:48 -0800



--On Friday, February 16, 2001 9:23 AM +1100 Darren Reed <darrenr () reed wattle id au> wrote:

> I've been playing with an iKey-2000 and while it's kind of cool when
> used with Netscape, it still requires a static password/pass phrase
> to unlock it.  What I want is for that password to be an SKEY input
> (or similar).

This is certainly possible with today's smartcard technology. All OPIE requires is SHA1 and a small amount of storage. There are some potential obstacles:

- Does the card allow you to install your own code for PIN validation? (obviously fixable by the card manufacturer)
- Does the card interface protocol allow for a challenge to be retrieved before transmitting a PIN?
- Does PKCS#11 allow for said challenge?
- Can the card accept a long-enough alpha-numeric PIN?

It's probably worth talking to the Citi UMich folks about this. I'm sure Honey would love it.

--
Carson Gaspar - carson () taltos org
Queen trapped in a butch body
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
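
The card-side check discussed in this message, as an added example that is not part of the original post or of OPIE itself: an S/KEY-style hash chain in which the card stores only a seed, a counter and the last accepted value, and the host reads a challenge before sending the one-time PIN. The `CardVerifier` class, the sample seed and pass phrase, and the 64-bit truncation (used here instead of the RFC 2289 fold) are assumptions made for illustration.

```python
import hashlib
import hmac

def step(data: bytes) -> bytes:
    # Simplification: truncate SHA-1 to 64 bits instead of the RFC 2289 fold,
    # so these values will not match a real OPIE calculator.
    return hashlib.sha1(data).digest()[:8]

def otp(seed: str, passphrase: str, seq: int) -> bytes:
    """Host side: initial step over seed+passphrase, then seq more hashes."""
    value = step((seed + passphrase).encode())
    for _ in range(seq):
        value = step(value)
    return value

class CardVerifier:
    """Hypothetical card state: seed, counter, last accepted OTP (8 bytes)."""

    def __init__(self, seed: str, seq: int, last: bytes):
        self.seed, self.seq, self.last = seed, seq, last

    def challenge(self) -> str:
        """What the host must read from the card before it can send a PIN."""
        if self.seq <= 0:
            raise RuntimeError("hash chain exhausted, card must be re-enrolled")
        return f"otp-sha1 {self.seq - 1} {self.seed}"

    def unlock(self, candidate: bytes) -> bool:
        """Accept candidate only if hashing it once yields the stored value."""
        if self.seq <= 0 or not hmac.compare_digest(step(candidate), self.last):
            return False
        self.last, self.seq = candidate, self.seq - 1  # each OTP works once
        return True

def demo() -> list:
    seed, phrase = "ca1234", "constructed pass phrase"  # constructed sample values
    card = CardVerifier(seed, 3, otp(seed, phrase, 3))  # pass phrase is never stored
    results = [card.challenge()]
    pin = otp(seed, phrase, 2)
    results.append(pin.hex())         # 16 hex characters the card must accept as a PIN
    results.append(card.unlock(pin))  # True
    results.append(card.unlock(pin))  # False: the same PIN replayed
    results.append(card.challenge())
    return results

if __name__ == "__main__":
    print(demo())
```
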

