Re: Use of tokens for access to Debian resources?

On Tue, Nov 14, 2006 at 06:47:57PM +0100, Sven Luther wrote:
> On Tue, Nov 14, 2006 at 06:38:58PM +0100, Marco d'Itri wrote:
> > apollock@debian.org wrote:
> > 
> > >I'm inclined to agree with Russell Coker[1], in that Debian should use
> > >something like RSA tokens to control access to Debian resources.
> > I'd love to, but I do not know any which is even close to being really
> > free-as-in-freedom.
> They should be trivial to produce though, if there was a budget for it,
> especially given the relatively big amount of cash Debian has on the SPI bank
> accounts.
> A special kind of token designed for our uses, with an optional braille
> display for example. Done as an open-source hardware project, with open source
> hardware design tools. That would be a worthy project, and the open sourceness
> of it could both be an example of open source hardware, and improve the
> computer security generally.

I don't think they would be trivial to replicate. The genuine RSA token is a
small sealed card with a keypad, a display and a battery that lasts up
to 3 years. They are small so as to be portable and convenient, which DDs 
will demand.

I don't think the electronics is complicated; basically it just has a
seed which increments every 60 seconds exactly, and to use it you key in
your PIN. Some function of your PIN + the current seed makes your
temporary password. The difficulty is in manufacturing something small
and reliable.

The 60 second update does need to be accurate over the 3 year lifetime,
because a software process at the other end has to know the current
seed. (Often there is +/- one seed leeway.) That is over extremes of heat,
cold, humidity, etc., which affect clock stability.

Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
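
Added example, not part of the original message and not the vendor's algorithm: a server-side check for the scheme described above, with a seed that advances every 60 seconds and +/- one seed of leeway, showing how token clock drift is absorbed and where it is rejected. The HMAC-SHA256 function, the 6-digit code length, the secret and the PIN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per seed increment (from the message)
LEEWAY = 1   # server accepts +/- one seed (from the message)


def token_code(secret: bytes, pin: str, clock: float) -> str:
    """Code shown by the token: some function of PIN + current seed.

    Assumption: HMAC-SHA256 truncated to 6 digits stands in for the
    vendor's function, which the message does not describe.
    """
    seed = int(clock // STEP)
    msg = struct.pack(">Q", seed) + pin.encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def verify(secret: bytes, pin: str, submitted: str, server_clock: float):
    """Return the seed offset that matched (-1, 0, +1) or None.

    A non-zero offset tells the server the token's clock has drifted.
    All candidates are checked, each with a constant-time comparison.
    """
    matched = None
    for offset in range(-LEEWAY, LEEWAY + 1):
        expected = token_code(secret, pin, server_clock + offset * STEP)
        if hmac.compare_digest(expected, submitted) and matched is None:
            matched = offset
    return matched


def drift_demo():
    """Constructed scenario: one server clock, tokens with growing drift."""
    secret, pin, server = b"constructed-demo-secret", "4821", 6000.0
    results = {}
    for drift in (0, 45, 70, -50, 130):   # seconds the token clock is off
        code = token_code(secret, pin, server + drift)
        results[drift] = verify(secret, pin, code, server)
    return results


if __name__ == "__main__":
    for drift, offset in drift_demo().items():
        print(f"token drift {drift:+4d}s -> matched offset {offset}")
```

A token whose clock is 130 seconds off lands two seeds away and is refused, which is why clock stability over the token's lifetime matters to the design.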
