SJS wrote:
> begin quoting Andrew Lentvorski as of Fri, Aug 29, 2008 at 01:42:45AM -0700:
>> I'm thinking about how you reuse the fob. You only want one of these
>> things on your keychain, after all.
>
> Ah!
>
> You're thinking of having one fob and, say, five different servers
> that you might want to log into, but if one of the five gets cracked,
> you don't have to worry about the other four?
>
> Would you be averse to having an input of some sort?

Yeah, I would be averse to that. Don't make me think.
Using a second factor is already annoying enough.
Also, please remember that I'm willing to burn *LOTS* of the server's
CPU/time/power to make this work. Given that you log in once in a great
while, even if the server has to do lots of computation, I don't really
care since it only has to do it *once* on login to authenticate the fob.
So, I'm willing to burn almost arbitrary server computation/time or
original configuration computation/time as long as it simplifies what
the fob has to do. i.e., having a nice big computer compute the
public/private pair and then just burn the relatively small private key
onto the fob is acceptable even if the public key has to be *gigantic*
and takes forever to create.
The goal is to offload as much computation away from the 8051 as possible.
-a
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
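
The size and work asymmetry asked for in the message above (small secret on the fob, large public key built once on a big machine) can be seen in a hash-based Lamport one-time signature. This is an added example, not a scheme proposed in the thread; the function names, the 32-byte seed and the use of SHA-256 are assumptions.

```python
import hashlib
import hmac
import os

N = 256  # one key slot per bit of the SHA-256 digest of the login challenge

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def secret(seed: bytes, i: int, bit: int) -> bytes:
    # Fob side: every secret value is re-derived from the 32-byte seed on
    # demand, so the seed is all the fob stores. Only hashing is needed,
    # no big-number arithmetic.
    return hmac.new(seed, bytes([i, bit]), hashlib.sha256).digest()

def provision(seed: bytes) -> list:
    # Done once on the provisioning computer. The public key is the hash of
    # every secret value: 2 * 256 * 32 bytes = 16 KiB held by the server.
    # The server never sees the seed, only these hashes.
    return [(H(secret(seed, i, 0)), H(secret(seed, i, 1))) for i in range(N)]

def bits(challenge: bytes) -> list:
    d = H(challenge)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def fob_respond(seed: bytes, challenge: bytes) -> list:
    # Reveal one secret per challenge bit. A key pair may answer ONE challenge
    # only: a second answer would expose secrets for both bit values.
    return [secret(seed, i, b) for i, b in enumerate(bits(challenge))]

def server_verify(pub: list, challenge: bytes, response: list) -> bool:
    if len(response) != N:
        return False
    ok = True
    for i, b in enumerate(bits(challenge)):
        ok &= hmac.compare_digest(H(response[i]), pub[i][b])
    return ok

def demo():
    seed = os.urandom(32)       # constructed sample fob secret
    pub = provision(seed)
    challenge = os.urandom(16)  # constructed sample server nonce
    accepted = server_verify(pub, challenge, fob_respond(seed, challenge))
    return accepted, sum(len(a) + len(b) for a, b in pub)

if __name__ == "__main__":
    print(demo())
```

Because each key pair is good for a single login, a real deployment would provision many of them per fob and have the server track which have been used.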