fingerprints Re: Debian Investigation Report after Server Compromises
On Mon, 8 Dec 2003, Colin Watson wrote:
> What you'd actually want is hardware that stores the keys and does the
> signing and decryption for you, but refuses to expose the private key
> material itself to the host. Then, while a cracker could sniff your
> passphrase, the key itself would still be safe after the machine had
> been re-secured. You can go further by requiring physical presentation
> of smartcards or similar in order to use the key, which is less
> convenient but makes a passphrase more or less useless on its own.
you can also use a [warm blooded] fingerprint scanner ...
since "smartcards can be lost" ..
- but if you lose your finger or you lose your fingerprint
on a glass with fingerprint stealing glue, you're in deep kaka
anyway
- the scanners isa bout $200 or so ( sony/nec has um )
and somebody has the fingerprint scanner built into the keyboard
- we did it also with twane 8.5"x11" scanners a few years back ...
have fun
alvin
> (Disclaimer: I work for such a company, although you'd probably have to
> do a bit of work at the moment to integrate our hardware smoothly with
> gpg and ssh.)
>
> --
> Colin Watson [cjwatson@flatline.org.uk]
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: