
[school-discuss] Re: Re: Passwords for kids?



on Sun, May 16, 2004 at 10:52:36PM -0700, Ian Paterson (ipaterson@shaw.ca) wrote:
> Karsten M. Self wrote:
> >>>But for a fair number of 'em, particularly the younger set, and a few
> >>>others with learning disabilities, remembering passwords seems to be
> >>>beyond the possible.  Anyone have experience with setting up accounts
> >>>for kids?
> >>I suppose you could go for a biometric solution
> 
> How about using floppy disks as hardware ID tokens? 

No floppy drives on the systems.

These kids would likely be putting the disks in pockets, backpacks, etc.
I'd like to minimize opportunities for foreign material introduction to
these systems.

Otherwise:  yes, this is a decent suggestion.  Assuming you can trust
the disk not to get compromised once on the system (either overwriting
the disk, or copying the keys).


> Anyone remember the days when a class would be issued a set of 25..
> err, 35 disks, one per student, and they would all save to their disk?
> Forgetting about the minor details like available space, hardware
> failures and being tied to an object small enough to lose, in my
> experience, this system functioned [relatively] well because there
> wasn't the fake security of a password that was the same as their user
> name, and therefore no challenge in trying to defeat it. Distribute the
> disks at the beginning of class, the kids go do their thing and a
> quick count at the end of the period will ensure that no one leaves
> his or her disk in the drive.

There _is_ something to be said for this.  USB pen drives are another
option, and are _almost_ getting cheap enough to consider.
 
> The downsides to this approach are as follows:
> 
> - People lose stuff. Be it kids, adults, teenagers or whatever, those
> disks are going to go missing and when they do, so does yesterday's
> homework/today's PowerPoint presentation that you're supposed to be
> giving in 4 minutes.

Yep.  That's probably the deal breaker right there.
 
> - People break stuff. And bend, [de]magnetize, spill juice on, spill 
> coffee on, break pieces off or otherwise vandalize the disks. This too 
> renders the data on the disk inaccessible and also reinforces the users'
> mistrust in technology.

That was my first thought.

 
> The solution, as I see it, is to use a combination of physical
> identifiers such as biometrics, swipe cards or old-fashioned steel keys,
> in addition to the conventional user name/password combination. 

The RSA fobs people get and use with a PIN have been around for years.
"Something you have, something you know".  The PIN itself is pretty
short, and the fob generates a new authentication code every minute,
good for five minutes, or thereabouts (allowing for some time slew).

> This can be done by adding on to the existing infrastructure of Active
> Directory (aka domain authentication? I'm not very fluent in
> Microsoft), 

They're actually different things.

Domain authentication is basically "single sign-on".  You authenticate
to a domain server.  Similar to Kerberos, etc.  The server validates you
and is what permits you to log on to _both_ the domain (and its
resources such as shares and printers), _and_ the local workstation.

AD is a list of user tokens and capabilities, if I understand it
correctly.  That's the "directory" part.  The "active" bit is that it
can be dynamically updated.  Essentially LDAP plus proprietary
extensions.

> which already stores users' files and preferences globally

No, that's yet another aspect.  It's the "user profile".

Mind, I couldn't have told you all this last week ;-)

What I've got set up has user profiles, *wants* to have a "group
profile" (essentially:  one place where I can add/remove items from
desktops, menus, bookmarks, etc.), uses Samba as a primary domain
controller, and *doesn't* utilize AD/LDAP.


> so you can use any computer and still get at your data. 

That's the idea.

...Plus additional data the system despot decides should or shouldn't go
there....


> Now if you throw in using cheap 3.5" floppy disks as password
> equivalent identifiers, you'll be cookin' with gas. Here's how it
> could work:
 
> For each student, distribute a floppy disk containing the student's 
> unique ID (or 'certificate', depending on how you think of it; see 
> below) and a floppy disk label. The label can have the name already on 
> it or you can get the kids to write it themselves, but they should be 
> encouraged to personalize their disk so that they will be able to 
> recognize it as their own. Colours, stickers, those oh so prevalent 
> scented markers or the gel pens that dispense sparkles as well as near 
> invisible ink, there should be something that appeals to the 
> individual's sense of recognition and leaps out at them from a pile of 
> 30. Store the labeled disks in the classroom (not the lab) in a place 
> that's easy for kids to get at.
> 
> Now when someone wants to use a computer to, say, write a biography on 
> Clifford Cocks, they sit down at any workstation and *either* type in 
> their user name and password, *or*, they can put in their personalized 
> floppy disk which contains their ID/certificate that corresponds to 
> their account. This way, you have the option of bypassing passwords if 
> you hold the unique ID/certificate (in this case, our floppy disk), 
> otherwise you can just log in with a user name and password without 
> needing to keep track of the floppy.

The weakness is that the certificate itself is sufficient.  If it's
obtained by Eve, she can crack into the system.

This, incidentally, is the same weakness of most biometrics.

The difference is that you can revoke and issue new keys (certificates).

Grafting a new set of fingerprints, irises, or DNA sequences onto me is
rather more problematic.

That's among the reasons I don't like giving up my biometrics.  It's not
the trait itself that's meaningful, it's the signal generated from same,
and _that_ can be created any number of ways.
 
> Although inconvenient, the loss of the floppy disk won't mean the loss
> of data anymore. 

I agree that on a more general basis, this would be a good thing.  In a
professional setting, HS, college, or elsewhere, I'd much rather have a
cardreader or USB port into which I could park a token (fob, USB stick,
PDA, handheld computer, smart card, whatever), punch in a _short_ PIN,
and be on my way, than have to remember a gazillion 10-character
randomized passwords similar to:

    eeChu6ahfi iegaizoh1A xeev5ioJuk uSh9ieghar Ai3ohwahxo 
    is6eiShela Nae1shoong mua7Kohcei Ahfeeph5fi Oogai7eene 

(pwgen -- my preferred password generator).

...though I'm pretty good at remembering same.

 
> Technically speaking, this is really just an implementation of
> certificate-based identification (public key cryptography) that
> involves putting the identifying certificate onto a portable device,
> the floppy disk. A dumbed down smart card, if you will.

Right.
 
> (This is ridiculously weak from the point of view of overall security,

The main problem is that the token isn't _bound_ to the medium.  Copying
the key breaks the system.

A smart key which uses a challenge-response protocol that _uses_ its key
but does not _reveal_ it would be preferred.  But that calls for some
intelligence.

> Comments?

Interesting.  But not where I'm headed.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
  There's been too much gaming of the system until it is broke.  Capitalism
  is not working! There has been a corrupting of the system of capitalism.
  - Alan Greenspan, Federal Reserve Chairman, 2002
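
An added illustration, not part of the original message: a sketch of the challenge-response idea described above, where the token uses its key but never reveals it, a recorded response cannot be replayed, and a lost token is handled by revoking and re-issuing the key. HMAC is used as a symmetric stand-in for the certificate-based scheme discussed in the thread; the names Token, Server and student01 are hypothetical.

```python
import hashlib
import hmac
import secrets


class Token:
    """Hypothetical smart token: the key stays inside, only responses leave."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Server:
    """Hypothetical login server (HMAC stand-in for a public-key scheme)."""

    def __init__(self):
        self._keys = {}     # user -> currently valid key
        self._pending = {}  # user -> outstanding single-use challenge

    def enroll(self, user):
        """Issue a new key; any key issued earlier for this user is revoked."""
        self._keys[user] = secrets.token_bytes(32)
        return Token(self._keys[user])

    def challenge(self, user):
        self._pending[user] = secrets.token_bytes(16)  # fresh random nonce
        return self._pending[user]

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # a challenge is good only once
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    server = Server()
    token = server.enroll("student01")
    r1 = token.respond(server.challenge("student01"))
    first = server.verify("student01", r1)       # genuine login
    server.challenge("student01")                # next login, new nonce
    replay = server.verify("student01", r1)      # recorded response reused
    new_token = server.enroll("student01")       # token lost: re-issue key
    old = server.verify("student01", token.respond(server.challenge("student01")))
    new = server.verify("student01", new_token.respond(server.challenge("student01")))
    return first, replay, old, new
```
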
