[clug] Yubikeys - group purchase?
Robert Edwards
bob at cs.anu.edu.au
Wed Apr 29 05:52:33 GMT 2009
Adam Thomas wrote:
> On Wed, Apr 29, 2009 at 02:36:44PM +1000, Robert Edwards wrote:
>> I also have an outstanding query with Yubico about solutions for
>> PDAs, in particular iPhones and Symbian OS based devices (like my
>> Nokia E71). Two possibilities come to mind:
>> - some sort of applet/widget that implements the Yubikey protocol
>> (open source) in software and just requires some sort of
>> PIN to unlock
>
> Wouldn't this defeat the purpose of having the physical token? You
> would just be going back to single factor auth (something you know)
>
> You'd also need to store the secret key on the PDA, if an attacker got
> access to the PDA they could get the secret key which would make the
> token associated with that key insecure.

I was thinking of something like encrypting the secret key with a PIN.
So the attacker would need physical access to the phone/PDA (generally
well guarded by most users) and to know the PIN to unlock the secret
key. If the phone/PDA is lost, it is little different than a Yubikey
being lost - it would need to be disabled at the authentication
server.

Cheers,

Bob Edwards.
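The PIN-encrypted secret key idea from the reply above, as an added example that is not part of the original post and is not Yubico code. It assumes PBKDF2-HMAC-SHA256 as the PIN stretching function; the function names, blob layout and iteration count are hypothetical. The wrap deliberately carries no integrity check, so a wrong PIN produces a different key instead of an error, and rejection happens at the authentication server.

```python
import hashlib
import os

KEY_LEN = 16           # Yubikey OTPs are generated with a 128-bit AES key
SALT_LEN = 16          # assumed blob layout: salt || masked key
ITERATIONS = 200_000   # assumed work factor; tune to the handset's CPU


def _pin_pad(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a KEY_LEN-byte pad bound to this salt."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def wrap_key(secret_key: bytes, pin: str) -> bytes:
    """Return the blob to store on the phone/PDA.

    The secret key is uniformly random, so XOR with the PIN-derived pad
    hides it. No MAC or checksum is stored: nothing in the blob marks a
    PIN as the correct one.
    """
    if len(secret_key) != KEY_LEN:
        raise ValueError("secret key must be %d bytes" % KEY_LEN)
    salt = os.urandom(SALT_LEN)  # fresh salt on every wrap
    pad = _pin_pad(pin, salt)
    return salt + bytes(k ^ p for k, p in zip(secret_key, pad))


def unwrap_key(blob: bytes, pin: str) -> bytes:
    """Recover a key candidate from the stored blob.

    Any PIN yields 16 bytes. Only the right PIN yields the key the
    authentication server knows, so a wrong PIN fails there, where
    attempts can be counted and the token disabled.
    """
    if len(blob) != SALT_LEN + KEY_LEN:
        raise ValueError("unexpected blob length")
    salt, masked = blob[:SALT_LEN], blob[SALT_LEN:]
    pad = _pin_pad(pin, salt)
    return bytes(m ^ p for m, p in zip(masked, pad))


if __name__ == "__main__":
    key = os.urandom(KEY_LEN)        # constructed sample key
    stored = wrap_key(key, "4821")   # constructed sample PIN
    print(unwrap_key(stored, "4821") == key)   # right PIN
    print(unwrap_key(stored, "0000") == key)   # wrong PIN
```

A short numeric PIN has a small search space, so the work factor and the server's ability to disable the token carry most of the protection once the device itself is out of the user's hands.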