switch to a 2-key system for productive environments. One might use AES with an OpenPGP implementation like GnuPG
I agree that this would be an almost ideal solution, but...
Every user could have a chipcard and
Chipcards are expensive and difficult to replace. And even if they weren't, in hospitals users do not wear chipcards, or users loose it, or users forget it at home, or users break their chipcards inside the chipcards slots... whatever.
the computers running care2x would have chipcard terminals then.
If you propose external devices, why not go to "military grade", a.k.a, biometric security?
The validating system should be self-contained, software based and resident in the system.
We could always email Prof. Dr. Hans Dobbertin. After all he his the man who keeps busting all those full proof/high tech hashing algorithms.
His page may be found at: http://www.ruhr-uni-bochum.de/itsc/itsc-engl/personen/Dobbertin.html
I think this is the most secure and attack-resistant ways of user validation.
I am afraid that I cannot agree with you. Before that you must count on biometric validation: face, eye, ear, voice, fingerprint, keyboard keying patterns, whatever...
But even using combinations of the above...
possible to switch between those two systems. So when care2x is being set up at a client (like a hospital), as long as it's still being tested use MD5 - when everything works switch to PGP.
Like in a chain the weakest link will be the critical link. And the weakest link is the human. He still uses her wife name or son's birth date... and against that you may do nothing. Even if you naively try to enforce the usage of better password policies.
So lets keep it simple: login + password immediately hashed with HAVAL or RIPEMD-160 and sent only over s-http. We already have this mechanism. Changing the algorithms should be pretty simple.
For the real serious matters, long distance calls or internet access, or whenever the systems rules find a dubious user, or a user trying to access information that should not be available at his status level, the systems should challenge the user and try to ascertain that he really is whom he claims to be.
How do we do that? Banks have studied it before. They have used experienced consultants from the military and intelligence community and at what solution did they arrive?
The pocket calendar. You give every user a pocket calendar. In one of the sides you print a "naval battle" like matrix:
vertical: A, B, C, etc.
horizontal: 1, 2, 3, etc.
This grid is then populated with aleatory letters, numbers, symbols. These will be different for each card. Every time the user looses a card he goes to a terminal and asks for a new one. This operation will invalidate the old card and will print in a piece of paper a new card with a totally different set of numbers.
So, whenever a doubt arises, the system challenges the user asking: tell me the symbol at C6, now tell me the symbol at A7, etc. ...
"Beep...
this attempt as been logged and security has been notified...
please stand by to be arrested." :-)
Now, this is poor man's high level security. To compromise it you need to know someone's else login+password and have his current trust card (or a copy of it).
Best regards,
J. A.
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Care2002-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/care2002-developers
