on Mon, May 17, 2004 at 11:46:51AM -0700, Ian Paterson (ipaterson@shaw.ca) wrote:
> Karsten M. Self wrote:
> >on Sun, May 16, 2004 at 10:52:36PM -0700, Ian Paterson (ipaterson@shaw.ca)
> >wrote:
> >
> >>Karsten M. Self wrote:
> >>>>>But for a fair number of 'em, particularly the younger set, and a few
> >>>>>others with learning disabilities, remembering passwords seems to be
> >>>>>beyond the possible. Anyone have experience with setting up accounts
> >>>>>for kids?
> >>>>
> >>>>I suppose you could go for a biometric solution
> >>
> >>How about using floppy disks as hardware ID tokens?
> >No floppy drives on the systems.
> >These kids would likely be putting the disks in pockets, backpacks, etc.
> >I'd like to minimize opportunities for foreign material introduction to
> >these systems.
>
> Do you mean malicious software hitching a ride on a floppy disk? Or dirt
> and grime wrecking your hardware? 'Cause if it's the former.... *points
> to the 'net*

Physical harm to hardware.

An additional issue has surfaced with degraded CD/DVD drives. I've
incorporated the "no damaged disks" message.
Bits of silver flaking off at a few hundred RPM inside a case strikes me
as less than ideal.

> >Otherwise: yes, this is a decent suggestion. Assuming you can trust
> >the disk not to get compromised once on the system (either
> >overwriting the disk, or copying the keys).
>
> Yeah. Overwriting the disk can be prevented somewhat by explaining the
> overwrite tab and encouraging users to keep it in the upwards position,
> but copying of keys (disks) isn't as easy to defend against.
>
> What did Sierra and Apogee end up doing when they shipped their games on
> disk? Does anyone remember a scheme that wasn't broken that could
> protect the contents of the disk from being copied?

Someone covers this in a discussion of Steve Wozniak, and I'm trying to
remember whom. Possibly Phil Zimmermann. There's never been a software
copy-prevention scheme he hasn't cracked, IIRC.

[USB pen drives...]

> True, but they have more capability than you'd want. Floppy disks are
> prevalent enough that you can get them free nowadays since they're
> useless to most people, whereas even a 32meg USB [key/pen] drive still
> has its uses for transferring small documents and the like.

Getting Floppy drives on newer HW (particularly laptops) is becoming
sketchy.

> >Domain authentication is basically "single sign-on". You authenticate
> >to a domain server. Similar to Kerberos, etc. The server validates you
> >and is what permits you to log on to _both_ the domain (and its
> >resources such as shares and printers), _and_ the local workstation.
>
> Off topic: Similar to, or is Kerberos? Ghosts of threads gone by are
> haunting my memories of what was borrowed where.

More or less directly identical to a legacy MS Windows domain log-on.
As that's what Samba does.

Kerberos IIRC uses a key and keyserver. RTFM if you need the gritty
details.

> >What I've got set up has user profiles, *wants* to have a "group
> >profile" (essentially: one place where I can add/remove items from
> >desktops, menus, bookmarks, etc.), uses Samba as a primary domain
> >controller, and *doesn't* utilize AD/LDAP.
>
> >>Now when someone wants to use a computer to, say, write a biography on
> >>Clifford Cocks, they sit down at any workstation and *either* type in
> >>their user name and password, *or*, they can put in their personalized
> >>floppy disk which contains their ID/certificate that corresponds to
> >>their account. This way, you have the option of bypassing passwords if
> >>you hold the unique ID/certificate (in this case, our floppy disk),
> >>otherwise you can just log in with a user name and password without
> >>needing to keep track of the floppy.
> >
> >
> >The weakness is that the certificate itself is sufficient. If it's
> >obtained by Eve, she can crack into the system.
>
> No, she can 'illegally' access a single user's account. Which shouldn't
> be trusted anyways.

That was more or less what I'd said. There are additional elements
which make this something to be avoided if possible.

> >This, incidentally, is the same weakness of most biometrics.
> >The difference is that you can revoke and issue new keys (certificates).
> >
> >Grafting a new set of fingerprints, irises, or DNA sequences onto me is
> >rather more problematic.
>
> And somewhat more painful. Although anyone who's ever generated SSL
> certs by hand might have reason to disagree...

If you want to insist on making it a fair comparison, please rip out and
exchange your eyeballs, and give me a complete comparative report by
Tuesday.

Biometrics have some rather weak points.

> *shrug*. In a professional setting I'd motion for a company policy to
> just fire the people who still have passwords on sticky notes, but
> with the situation as it stands now, you have to ask yourself if a
> physical identifier required to sign in is less secure or more secure
> than users remembering passwords by telling their friends.

Unfortunately, likelihood of stickies seems to increase as you climb the
corporate structure (with few notable exceptions). I think the real
lesson is that security is hard, and people won't remember passwords.

> >The main problem is that [in a floppy-is-your-access-key system] the
> >token isn't _bound_ to the medium. Copying the key breaks the
> >system.
>
> Agreed, but this is a weakness that exists for user names, PIN numbers,
> face recognition, credit cards, etc..

Keys bound to a person's head (a short, memorable passphrase), and/or
not available with high latency on the system, are far less likely to be
compromised. Floppies just weren't built for this.

> Come to think of it, the only difference between a system like this
> and credit cards is the relative obscurity of consumer hardware
> readers/scanners.

Debit cards are protected by a secondary key: your PIN.

Credit cards are protected by a _pretty_ effective rapid-response
system. Having worked directly in the field: it's possible to disable
a card in a matter of minutes.

In _both_ cases, the risk is a readily replaced commodity scalar (an
account balance). Not a trove of complex data with deep trust
relationships and unknown consequences to compromise.

> What about a return to the cipher era and have a printed keyboard
> overlay of some kind with a personalized set of instructions on which
> buttons to press and in what order? Just a simple piece of paper that
> had lines indicating the keys, which could be coloured or whatnot.

There have been several recent suggestions for "click the icons/pictures
in a known sequence" authentication schemes. These would be good
particularly for kids. However they're also likely to be closely bound
to a specific implementation. Userid/password is readily identified
across a broad set of domains.

As a postscript: I've been using a set of "favorites" (what's your
favorite ...), selecting multiple questions, to generate passwords. This
has turned out to be a pretty reliable method, the kids remember their
passwords, and if they don't, I just ask "what's your favorite..." and
they remember. Well, except for a few of the six year olds.

But with well over 200 accounts, I've only got a small handful (Skil-Saw
handful as I call it...) who can't reliably log in.

Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Vote Bush in '04: Because dictatorship is easier