[Gnumed-devel] Security (was Re: privacy assessment)

From: J Busser
Subject: [Gnumed-devel] Security (was Re: privacy assessment)
Date: Sat, 17 Nov 2007 10:47:15 -0800

On Nov 16, 2007, at 6:30 PM, Dan Brow wrote:
just use a IPSec VPN. Don't give access to patient records if the person does not need it, i.e. admin staff.

Oscar's "two" passwords had good intentions but I think provide only one "bit" more security than a single password of length equal to the sum of two parts. I bet people's "remote" password is not very long.

Access from outside the network on any computer that may permit credentials to be spied, or keystroke-logged, represents a worrisome added vulnerability. This is unprotected by a VPN which --- helpfully, but only --- creates a secure tunnel through which to communicate plus minus limit the location(s) from which people can access.

An elegant solution would combine:

        1. userid
                (something that the user knows, but which others can know or 
        2. a stable passphrase
                (something *hopefully* only the user knows)
        3. one-time-password (OTPW) generator solution
                (something only the user has)
                (only needed by people needing remote access)

In some organizations, people are made to periodically alter their single password, however I think on a local network it is only needed if people's passwords are permitted to be trivial or easily guessed, provided there is a repeated-attempt lockout or time-out to shut out hackers who could otherwise attempt unlimited, computer-aided password "cracking".

I think that for remote access, #3 is very important. Until now, the only manageable implementations were commercial ($$) like those RSA SecurID tokens, whose regularly-changing LCD displays had been synchronized to a remote server's clock.

However, there is now a slick implementation "Perfect Paper Passwords" --- worked out by Steve Gibson at GRC --- which is relatively nicely laid out here, with links to open source implementations that seem to be really taking off:

In this solution, a server can run software that generates keys, and each user who needs to be able to access remotely can be provided with a credit-card-sized, tri-fold paper wallet card, holding a series of 210 passcodes each of which can be used only once, and in the correct order.

Each time one is used, it is crossed out. The next time, the next passcode is used. Remotely logging in once a day, a passcard would last the user 7 months. The existing passcard can be easily revoked in circumstances of loss or uncertain compromise, and the next trifold passcard is always cheaply and easily generated any time the user is next back on the premises.

The degree of strength that is provided by this solution is described if you skip down along an associated page to the section "Attack Analysis: The Online Attack":
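An added example, not part of the original message and not code from GRC's Perfect Paper Passwords or from GNUmed: server-side handling of the passcard described above, with 210 single-use passcodes accepted only in order, a repeated-attempt lockout, and revocation of a lost card. The HMAC-SHA256 derivation (a stand-in, not the PPP algorithm), the alphabet, the 4-character code length, the 3-failure limit and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions of this example, not values from the message (except CARD_SIZE).
ALPHABET = "23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"
CARD_SIZE = 210     # passcodes per trifold card, as stated in the message
CODE_LEN = 4        # assumed passcode length
MAX_FAILURES = 3    # assumed repeated-attempt lockout threshold


def passcode(card_key: bytes, index: int) -> str:
    """Derive passcode number `index` from the server-held card key."""
    digest = hmac.new(card_key, index.to_bytes(4, "big"), hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")   # 256-bit value keeps modulo bias negligible
    chars = []
    for _ in range(CODE_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


class RemoteLogin:
    """Per-user server state: one card key, the next unused index, a failure counter."""

    def __init__(self) -> None:
        self.revoke_card()

    def revoke_card(self) -> None:
        """Lost or possibly compromised card: a fresh key voids every old passcode."""
        self.card_key = secrets.token_bytes(32)
        self.next_index = 0
        self.failures = 0

    def print_card(self) -> list:
        return [passcode(self.card_key, i) for i in range(CARD_SIZE)]

    def verify(self, passphrase_ok: bool, code: str) -> bool:
        if self.failures >= MAX_FAILURES or self.next_index >= CARD_SIZE:
            return False                # locked out, or card used up
        expected = passcode(self.card_key, self.next_index)
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        if passphrase_ok and code_ok:
            self.next_index += 1        # spent: a logged keystroke cannot be replayed
            self.failures = 0
            return True
        self.failures += 1
        return False
```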
