[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] ssh-keygen question
From: |
Sebastian Hilbert |
Subject: |
Re: [Gnumed-devel] ssh-keygen question |
Date: |
Mon, 28 Feb 2005 03:45:42 +0100 (MET) |
> Sebastian Hilbert wrote:
> > A little off topic but still worth mentioning. I bought my self a
> > fingerprint/biometric protected usb stick and keep my private keys
> Cool, where from?
www.bioslimdisk.com
www.4trust.de
> > stick is actually quite safe. All encryption/decryption within the
> device.
> Not sure about this.
> Unless it's got a little CPU on there doing the actual crypto,
> [in which case, you might as well buy a Zaurus]
AFAIK there is some processor on this device. That is whz although its USB
2.0 it doesn't reach throughput above USB1.1. There is no communication
between the device and the host PC until the device accepted your print.
Actually you can register 5or six prints. I use a few fingers of both hands
just to be safe ...
, you are still
> doing this on the host PC. This means, if the host PC is infected,
> you are hosed, as it can grab your private keys as they are loaded into
> RAM.
They say that even if the attacker dismantles the device it won't get the
kez since it is encrypted but if the host PC is infected it might grab my
key. On Windows FAT at least which doesn't give a sh... about user rights.
> (but this is academic, as the attacker can read all you wonderful secret
> medical data by
> grabbing regular screendumps, too)
Or just walk into the office and use the PCs as it is very common anywhere
:-)
> > software on host PCs needed. Works for Linux and Windows. Simply great.
> I
> > never go anywhere without it. There is one problem. It's not cheap.
> Around
> > 250Euro for 256 MB. You gotta know what you are willing to pay for
> security.
> ~= $A600 Hmm, not cool.
Yeah quite hefty. We have some paranoid clients who love this thing.
One could get a samller one for less. Prices will drop sooner or later.
I might offer branded ones in the future. One can order them rebranded.
And BTW each stick has an individual serial number. If you register your
stick and loose it people can mail it to a PO box in Frankfurt. They will
send it to you.
--
*************************************************************************
*
* help solving the protein folding problem
foldingathome.stanford.edu
*
* sign the linux driver petion :
http://www.libranet.com/petition.html
*
*************************************************************************
DSL Komplett von GMX +++ Supergünstig und stressfrei einsteigen!
AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl
- Re: [Gnumed-devel] ssh-keygen question, (continued)
- Re: [Gnumed-devel] ssh-keygen question, David Grant, 2005/02/26
- Re: [Gnumed-devel] ssh-keygen question, Sebastian Hilbert, 2005/02/27
- Re: [Gnumed-devel] ssh-keygen question, Ian Haywood, 2005/02/27
- Re: [Gnumed-devel] ssh-keygen question, Karsten Hilbert, 2005/02/27
- Re: [Gnumed-devel] ssh-keygen question, Ian Haywood, 2005/02/27
- Re: [Gnumed-devel] ssh-keygen question, J Busser, 2005/02/27
- Re: [Gnumed-devel] ssh-keygen question, Ian Haywood, 2005/02/28
- Re: [Gnumed-devel] ssh-keygen question, Karsten Hilbert, 2005/02/28
- Re: [Gnumed-devel] ssh-keygen question, Karsten Hilbert, 2005/02/28
- Re: [Gnumed-devel] ssh-keygen question, Karsten Hilbert, 2005/02/28
- Re: [Gnumed-devel] ssh-keygen question,
Sebastian Hilbert <=