Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Nov 2003 08:34:54 -0000
From:      Devon H.O'Dell <dodell@sitetronics.com>
To:        Wes Peters <wes@softweyr.com>
Cc:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Subject:   Re: "secure" file flag?
Message-ID:  <BB6B2B32-217D-11D8-B69B-000A95E5E66E@sitetronics.com>
In-Reply-To: <200311280014.49356.wes@softweyr.com>
References:  <32476.1069741443@critter.freebsd.dk> <200311280014.49356.wes@softweyr.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> If you want an interesting problem to work on, come up with a solution 
> to
> the keying problem for disk encryption.  It somehow needs to allow
> automated, unattended reboots during "normal" operations but prevent
> attackers from compromising the system.  Maybe you could have the 
> system
> send an SMS message when it needs a key, you reply with a one-time key
> from your mobile phone?

Actually, this is quite similar to what people at Vasco do 
(http://www.vasco.com). They make devices that (from what I can tell) 
hash a PIN and a timestamp (along with some other arbitrary values 
generated by a server, which are optional) and give you a return hash. 
 From what I've seen, the hash is rather elementary and I feel somewhat 
silly using it to log into my bank. I sent an email to them a while 
ago; it seems that the security may lie somewhat on the knowledge of 
the hashing function.

But there are definitely devices that do these sorts of things 
(although the ones from Vasco don't work with GSM, so sending the SMS 
back would have to go through the phone). Although, I must say, that 
sending the SMS via the phone is quite insecure as well. If you've the 
ability to send SMSes, you can most likely fake the address your SMS is 
coming from, just like you can fake an email. Although, AFAIK, it's a 
bit more difficult to track the origin of an SMS message.

However, most new phones have J2ME capability. I hate Java, but since 
it's the HLL that we're allowed to use, we could make use of it. After 
Helix has had some time to be cryptanalyzed, it might be a good 
candidate for just this kind of application -- a lightweight, fast, 
easily implementable encryption and authentication algorithm (though it 
looks promising to me). Until then, some other kind of 
encryption/authentication could take place. In any case, many phones 
allow sockets to be created and sent (and if they don't, they most 
certainly support HTTPS channels). I think an app utilizing this would 
be a bit more secure in this scenario than one via SMS (or via the 
Vasco method, I don't have a ton of faith in their closed-source 
solution). This would be a good, mobile way to provide a one-time key, 
though. You might even be able to implement it to request keys from 
multiple administrators assuming the first administrator failed. Who 
knows.

Haven't been following this discussing very closely, so feel free to 
poke me with a stick if I'm babbling about some obscure tangent.


> While you're in there, paint that bikeshed blue.

Only if there's not someone painting it already :)

> -- 
>
>         Where am I, and what am I doing in this handbasket?
>
> Wes Peters                                               
> wes@softweyr.com

--Devon



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BB6B2B32-217D-11D8-B69B-000A95E5E66E>