Re: [school-discuss] Re: Re: Passwords for kids? [straying off topic]

[Ian Paterson <ipaterson@shaw.ca>]

Karsten M. Self wrote:
> on Sun, May 16, 2004 at 10:52:36PM -0700, Ian Paterson (ipaterson@shaw.ca) wrote:
>
> > Karsten M. Self wrote:
> >
> > > > > But for a fair number of 'em, particulary the younger set, and a few
> > > > > others with learning disabilities, remembering passwords seems to be
> > > > > beyond the possible.  Anyone have experience with setting up accounts
> > > > > for kids?
> > > > I suppose you could go for a biometric solution
> > How about using floppy disks as hardware ID tokens? 
>
> No floppy drives on the systems.
>
> These kids would likely be putting the disks in pockets, backpacks, etc.
> I'd like to minimize opportunities for foreign material introduction to
> these systems.
Do you mean malicious software hitching a ride on a floppy disk? Or dirt 
and grime wrecking your hardware? 'Cause if it's the former.... *points 
to the 'net*

> Otherwise:  yes, this is a decent suggestion.  Assuming you can trust
> the disk not to get compromised once on the system (either overwriting
> the disk, or copying the keys).
Yeah. Overwriting the disk can be prevented somewhat by explaining the 
overwrite tab and encouraging users to keep it in the upwards position, 
but copying of keys (disks) isn't as easy to defend against.

What did Sierra and Apogee end up doing when they shipped their games on 
disk? Does anyone remember a scheme that wasn't broken that could 
protect the contents of the disk from being copied? As I recall, the 
closest they ever got was to check for specially crafted bad blocks that 
could only be properly read if the disk drive ran slower than usual; 
something they hoped that only their software would be able to do.

> There _is_ something to be said for this.  USB pen drives are another
> option, and are _almost_ getting cheap enough to consider.
True, but they have more capability than you'd want. Floppy disks are 
prevalent enough that you can get them free nowadays since they're 
useless to most people, whereas even an 32meg USB [key/pen] drive still 
has it's uses for transferring small documents and the like. Not 
something I'd want to give out like candy, 'cause if I had that kind of 
cash we could have just gone for the retinal scanners anyways...


> > The downsides to this approach are as follows:
> >
> > - People loose stuff. Be it kids, adults, teenagers or whatever, those
> > disks are going to go missing and when they do, so does yesterday's
> > homework/today's Power Point presentation that you're supposed to be
> > giving in 4 minutes.
>
> Yep.  That's probably the deal breaker right there.
Err, I was just reiterating why floppy disks didn't work for storing all 
personal documents and data, like it was back in the day.

> > The solution, as I see it, is to use a combination of physical
> > identifiers such as biometrics, swipe cards or old fashion steel keys,
> > in addition to the conventional user name/password combination. 
> The RSA fobs people get and use with a PIN have been around for years.
> "Something you have, something you know".  The PIN itself is pretty
> short, and the fob generates a new authentication code every minute,
> good for five minutes, or thereabouts (allowing for some time slew).
Ideally for your situation it would be "something you have, something 
you are", which would be equivalent to "something you know" (and 
possibly something you are, depending on how far you want to take it). 
Hmm...


> Domain authentication is basically "single sign-on".  You authenticate
> to a domain server.  Similar to Kerberos, etc.  The server validates you
> and is what permits you to log on to _both_ the domain (and its
> resources such as shares and printers), _and_ the local workstation.
Off topic: Similar to, or is Kerberos? Ghosts of threads gone by are 
haunting my memories have what was borrowed where.

> What I've got set up has user profiles, *wants* to have a "group
> profile" (essentially:  one place where I can add/remove items from
> desktops, menues, bookmarks, etc.), uses Samba as a primary domain
> controller, and *doesn't* utilize AD/LDAP.
> > Now when someone wants to use a computer to, say, write a biography on 
> > Clifford Cocks, they sit down at any workstation and *either* type in 
> > their user name and password, *or*, they can put in their personalized 
> > floppy disk which contains their ID/certificate that corresponds to 
> > their account. This way, you have the option of bypassing passwords if 
> > you hold the unique ID/certificate (in this case, our floppy disk), 
> > otherwise you can just log in with a user name and password without 
> > needing to keep track of the floppy.
>
> The weakness is that the certificate itself is sufficient.  If it's
> obtained by Eve, she can crack into the system.
No, she can 'illegally' access a single user's account. Which shouldn't 
be trusted anyways.

> This, incidentally, is the same weakness of most biometrics.
> The difference is that you can revoke and issue new keys (certificates).
>
> Grafting a new set of fingerprints, irises, or DNA sequences onto me is
> rather more problematic.
And somewhat more painful. Although anyone who's ever generated SSL 
certs by hand might have reason to disagree...

> > Although inconvenient, the loss of the floppy disk won't mean the loss
> > of data anymore. 
>
> I agree that on a more general basis, this would be a good thing.  In a
> professional setting, HS, college, or elsewhere, I'd much rather have a
> cardreader or USB port into which I could park a token (fob, USB stick,
> PDA, handheld computer, smart card, whatever), punch in a _short_ PIN,
> and be on my way, than have to remember a gazillion 10-character
> randomized passwords similar to:
>
>     eeChu6ahfi iegaizoh1A xeev5ioJuk uSh9ieghar Ai3ohwahxo 
>     is6eiShela Nae1shoong mua7Kohcei Ahfeeph5fi Oogai7eene 
> (pwgen -- my preferred password generator).
>
> ...though I'm pretty good at remembering same.
*shrug*. In a professional setting I'd motion for a company policy to 
just fire the people who still have passwords on sticky notes, but with 
the situation as it stands now, you have to ask yourself if a physical 
identifier required to sign in is less secure or more secure than users 
remembering passwords by telling their friends.

> > Technically speaking, this is really just an implementation of
> > certificate-based identification (public key cryptography) that
> > involves putting the identifying certificate onto a portable device,
> > the floppy disk. A dumbed down smart card, if you will.
>
> Right.
>  
> > (This is ridiculously weak from the point of view of overall security,
>
> The main problem is that the token isn't _bound_ to the medium.  Copying
> the key breaks the system.
Agreed, but this is a weakness that exists for user names, PIN numbers, 
face recognition, credit cards, etc.. Come to think of it, the only 
difference between a system like this and credit cards is the relative 
obscurity of consumer hardware readers/scanners.

The duct tape side of me wants to say "just delete the FAT table and 
always store the key at block X", but that'd only buy you a week or two 
before it'd defeated.

And now I need a cold shower for even contemplating suggesting such a 
thing.

> A smart key which uses a challenge-response protocol that _uses_ its key
> but does not _reveal_ it would be preferred.  But that calls for some
> intelligence.
Well, trusted media at any rate.

> > Comments?
>
> Interesting.  But not where I'm headed.
Too bad, I was having fun with that too.


What about a return to the cipher era and have a printed keyboard 
overlay of some kind with a personalized set of instructions on which 
buttons to press and in what order? Just a simple piece of paper that 
had lines indicating the keys, which could be coloured or whatnot.

At least the hardware would be cheap...

--
Ian Paterson                                  https://www.ipaterson.ca