A (not) new security idea

Björn Persson listor1.rombobeorn at comhem.se
Thu Oct 14 16:43:19 UTC 2004


Brian Fahrlander wrote:

>     Keyfobs.  These little USB droplets of cyberspace.  How about we, as
> one of the largest collections of Linux people out there, standardize
> some software to fit into PAM to do this:
> 
>     1. Upon insertion, ask for the passphrase à la local-agent.
> 
>     2. When validated, use these credentials for everything.

So you'd have some kind of identification on the USB memory, and if the
passphrase you type matches that identification, you're logged in. And
you'd use this on all the computers you use?

What if you don't fully trust one of these computers? Maybe you're a
user on a big campus, and you don't know who the administrators are. You
don't even know how many people have root access. If just one of them
isn't completely honest, they could install a piece of software that
copies your ID from the keyfob and sniffs your passphrase as you type
it. Then they can pose as you everywhere.

Or maybe the administrators at work don't trust the security of your
home computer. Maybe they're worried that someone might break into your
home computer and thereby gain access to the corporate network.

What do you do to solve these problems? You start using a different ID
at every site. And then you're back to the same situation, with more and
more passwords to remember. See, your scheme isn't really any different
from just using the same password everywhere.

What we need is a way to identify yourself to a computer without at the
same time giving the computer the ability to pose as you. This requires
a "personal identity gadget" with its own processor and a way to
interact directly with you.

Björn Persson
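The "personal identity gadget" described above, as an added example that is not part of the thread: a Python simulation in which the secret stays on the device, every login answers a fresh random challenge, and each site holds only its own derived key, so a dishonest host can neither replay what it saw nor pose as the user elsewhere. Per-site HMAC keys stand in for the public-key signature a real device would use; the site names and user name are constructed.

```python
import hmac, hashlib, secrets

# Added example, not from the thread: a toy "personal identity gadget". The master
# secret never leaves the device, hosts see only answers to fresh challenges, and
# each site gets its own derived key (HMAC stands in for a real signature scheme).

class IdentityGadget:
    def __init__(self):
        self._master = secrets.token_bytes(32)        # never leaves the gadget

    def _site_key(self, site):                        # one key per site
        return hmac.new(self._master, site.encode(), hashlib.sha256).digest()

    def enroll(self, site, owner_approved):           # approval via the gadget's
        if not owner_approved:                        # own button, not the host
            raise PermissionError("owner did not approve")
        return self._site_key(site)

    def respond(self, site, challenge, owner_approved):
        if not owner_approved:
            raise PermissionError("owner did not approve")
        return hmac.new(self._site_key(site), challenge, hashlib.sha256).digest()

class Site:
    def __init__(self, name):
        self.name, self.keys, self.pending = name, {}, {}

    def challenge(self, user):                        # fresh nonce per attempt
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)          # each nonce answers once
        if nonce is None or user not in self.keys:
            return False
        expected = hmac.new(self.keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def run_scenario():
    gadget, campus, work = IdentityGadget(), Site("campus"), Site("work")
    for site in (campus, work):                       # enrol once per site
        site.keys["bjorn"] = gadget.enroll(site.name, owner_approved=True)
    c = campus.challenge("bjorn")                     # normal login at campus
    r = gadget.respond("campus", c, owner_approved=True)
    login = campus.verify("bjorn", r)
    replay = campus.verify("bjorn", r)                # dishonest host replays (c, r)
    c2 = work.challenge("bjorn")                      # ...or tries the work site
    forged = hmac.new(campus.keys["bjorn"], c2, hashlib.sha256).digest()
    pose_elsewhere = work.verify("bjorn", forged)     # campus key is no use there
    return {"login": login, "replay": replay, "pose_elsewhere": pose_elsewhere}
```

Contrast this with the keyfob scheme in the quoted proposal, where the host sees the static ID and the typed passphrase and therefore holds everything needed to log in as the user anywhere that pair is accepted.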

More information about the fedora-list mailing list