PDAs and ssh and security

Posted Dec 12, 2003 22:47 UTC (Fri) by dlang (subscriber, #313)
In reply to: PDAs and ssh and security by eli
Parent article: ssh and security

A PDA does a good job of this and can replace a hardware token.

ASSUMING that the contents of the PDA are secured appropriately.

For example, if the application checks your password and then, if it matches, gives you access to a datafile, someone else can get access to the data if you sync it to your desktop.

However, if the data on the PDA is encrypted with no encryption key ever stored on the PDA, then it's much better.

For example, if you need to store a 64-bit key on the PDA, the best way I've seen is to ask the user for a PIN, then encrypt the key using that PIN and store the result. When the user needs to access the key, have them enter a PIN and use that to decrypt the key. The thing that makes this work is that the key is a random binary blob: an attacker has no way of knowing if it decrypted successfully or not; the only way to know is to attempt to use it to access another system. This means that even with a 4-digit PIN it will take an average of 500 login attempts to find that it's right, giving you a chance to notice (too many bad login protection).


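Added example, not part of the comment above and not dlang's code: a Python sketch of the PIN-wrapped key it describes, showing that the stored data gives no offline way to test a PIN guess, and how storing a checksum of the key next to it removes that property. The PBKDF2-derived XOR pad standing in for the cipher, the function names and the sample PIN are assumptions made for illustration.

```python
import hashlib
import secrets

ITERATIONS = 50  # assumption: kept low so the demo runs fast

def pad(pin: str, salt: bytes, n: int) -> bytes:
    """PIN-derived keystream (PBKDF2 stands in for the cipher; assumption)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=n)

def wrap(key: bytes, pin: str, salt: bytes) -> bytes:
    """XOR the random key with the pad. No MAC, padding or checksum is stored."""
    return bytes(a ^ b for a, b in zip(key, pad(pin, salt, len(key))))

unwrap = wrap  # XOR is its own inverse

def survivors(blob: bytes, salt: bytes, looks_valid) -> list:
    """PINs that cannot be ruled out using only the data stored on the PDA."""
    pins = (f"{i:04d}" for i in range(10_000))
    return [p for p in pins if looks_valid(unwrap(blob, p, salt))]

def demo(pin: str = "4821"):  # constructed sample PIN
    key = secrets.token_bytes(8)    # the 64-bit secret: pure random bytes
    salt = secrets.token_bytes(16)  # stored next to the blob, not secret
    blob = wrap(key, pin, salt)

    # Scheme from the comment: a decrypted candidate is just 8 bytes, so the
    # only offline test available is its length, which every PIN passes.
    bare = survivors(blob, salt, lambda k: len(k) == 8)

    # Common mistake: also storing a checksum of the key "to detect typos".
    tag = hashlib.sha256(key).digest()[:8]
    tagged = survivors(blob, salt, lambda k: hashlib.sha256(k).digest()[:8] == tag)
    return len(bare), tagged

if __name__ == "__main__":
    n_bare, tagged = demo()
    print(f"no verifier stored: {n_bare} of 10000 PINs still possible offline")
    print(f"checksum stored:    PIN recovered offline -> {tagged}")
```

Anything derived from the key and kept on the device acts as the same kind of offline verifier as the checksum here.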

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds