On Thu, 2004-10-14 at 11:43, Björn Persson wrote:
[Sorry for the delay; I work third shift (2200-0600 local time]
So you'd have some kind of identification on the USB memory, and if the passphrase you type matches that identification, you're logged in. And you'd use this on all the computers you use?
Well, whatever it is keeping them from doing it now, I suppose. We'd have to exchange key data in a hash format a'la SSH; I'm sure there's a way to keep it from being easy to sniff/steal. If not, SSL/SSH/etc would have been routinely hacked on a widespread basis a long time ago, no?
What if you don't fully trust one of these computers? Maybe you're a user on a big campus, and you don't know who the administrators are. You don't even know how many people have root access. If just one of them isn't completely honest, they could install a piece of software that copies your ID from the keyfob and sniffs your passphrase as you type it. Then they can pose as you everywhere.
Well, I understand the concern; but if anyone can work this out, we can....we don't have to beg and borrow from people holding patents, etc. Aye?