On Wed, 3 Dec 2003 14:17:18 +1100, Russell Coker <[EMAIL PROTECTED]> said:
> On Wed, 3 Dec 2003 12:34, Don Armstrong <[EMAIL PROTECTED]> wrote:
>> The problems associated with them aren't too terribly different
>> from those associated with keys or other forms of physical
>> security, notably, that they can be stolen, or the output from them
>> duplicated.

> Using a smart-card means that logging in does not merely require
> "something you know" but also "something you have". All the good
> security guides say that security should depend on "something you
> know and something you have", smart-cards plus a password meets this
> criterion.

An even better security guideline is "something you are" -- so should
we not spring for retinal scanners/fingerprint readers/other
biometrics? I mean, we _are_ talking about other people's money. :P

> GPG smart-cards are entering the market. If GPG is crackable then
> we have lost regardless. If GPG is secure then GPG smart-cards will
> do as long as they are not stolen. Having revocation procedures
> for stolen cards and DDs reliable enough to follow them should deal
> with this.

Laptops with biometric print readers are supposed to be around the
horizon as well.

manoj
--
You don't move to Edina, you achieve Edina. Guindon
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C