On Tue, Nov 14, 2006 at 06:47:57PM +0100, Sven Luther wrote: > On Tue, Nov 14, 2006 at 06:38:58PM +0100, Marco d'Itri wrote: > > [EMAIL PROTECTED] wrote: > > > > >I'm inclined to agree with Russell Coker[1], in that Debian should use > > >something like RSA tokens to control access to Debian resources. > > I'd love to, but I do not know any which is even close to be really > > free-as-in-freedom. > > They should be trivial to produce though, if there was a budget for it, > especially given the relatively big amount of cash debian has on the spi bank > accounts. > > A special kind of token designed for our uses, with an optional braille > display for example. Done as a open-source hardware project, with open source > hardware design tools. That would be a worthy project, and the open sourceness > of it could both be an example of open source hardware, and improve the > computer security generally.
I don't think they would be trivial to replicate. The genuine RSA token is a small sealed card with a keypad, a display and a battery that lasts up to 3 years. They are small so as to be portable and convenient, which DDs will demand. I don't think the electronics is complicated; basically it just has a seed which increments every 60 seconds exactly, and to use it you key in your PIN. Some function of your PIN + the current seed makes your temporary password. The difficulty is in manufacturing something small and reliable. The 60 second update does need to be accurate over the 3 year lifetime, because a software process at the other end has to know the current seed. (Often there is +/- one seed leeway). That over extremes of heat, cold, humidity etc which affect clock stability. Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]