Re: Use of tokens for access to Debian resources?
On Tue, Nov 14, 2006 at 06:47:57PM +0100, Sven Luther wrote:
> On Tue, Nov 14, 2006 at 06:38:58PM +0100, Marco d'Itri wrote:
> > firstname.lastname@example.org wrote:
> > >I'm inclined to agree with Russell Coker, in that Debian should use
> > >something like RSA tokens to control access to Debian resources.
> > I'd love to, but I do not know any which is even close to be really
> > free-as-in-freedom.
> They should be trivial to produce though, if there was a budget for it,
> especially given the relatively big amount of cash debian has on the spi bank
> A special kind of token designed for our uses, with an optional braille
> display for example. Done as a open-source hardware project, with open source
> hardware design tools. That would be a worthy project, and the open sourceness
> of it could both be an example of open source hardware, and improve the
> computer security generally.
I don't think they would be trivial to replicate. The genuine RSA token is a
small sealed card with a keypad, a display and a battery that lasts up
to 3 years. They are small so as to be portable and convenient, which DDs
I don't think the electronics is complicated; basically it just has a
seed which increments every 60 seconds exactly, and to use it you key in
your PIN. Some function of your PIN + the current seed makes your
temporary password. The difficulty is in manufacturing something small
The 60 second update does need to be accurate over the 3 year lifetime,
because a software process at the other end has to know the current
seed. (Often there is +/- one seed leeway). That over extremes of heat,
cold, humidity etc which affect clock stability.
Hamish Moffatt VK3SB <email@example.com> <firstname.lastname@example.org>