password on smart-cards

Hi!

I followed the discussion a little, and wanted to point you guys to a
program I wrote for the iButton smart-card. It is a PAM module
that authenticates users by a challenge/response approach using RSA. The
private key is generated and stored on the iButton, the public
part is stored on the computer (in /etc/iButton.conf). If a user wants to
authenticate to the system, a random number is generated and encrypted using
the public key. This is then sent to the iButton. The iButton decrypts it
(using the private key) and sends the SHA-1 hash of it back. The host also
calculates the SHA-1; if they match: PAM_SUCCESS and login is allowed.

The tool consists of a C configuration tool, the pam-module and a Java
applet to be executed on the iButton. _Now_ the interesting part for the
ongoing discussion: I also included support to store a 200 character long
password on the iButton. It is also possible to let this password be
generated randomly on the iButton. (The iButton comes with a random number
generator implemented, it measures the thermal noise across some resistor,
so that should give you fairly good random numbers!). I initially wanted
this password to be used as the password for the crypto-loopback device, but
I never had time to implement this. I think this should be fairly easy to
do. Mount and losetup would need to be patched slightly.

I would like to do this myself, but at the moment I'm too busy with my PhD.
But one of you guys might want to have a look at it and do the
necessary changes to mount, etc. If somebody wants to do it, I would be
happy to get a working patch mailed, so that I can include it into the tar
file. 200 characters (not letters but of type char, i.e. 1-255) should be
good enough for a password and no need to memorize them!

Anyways, the tar file can be found at:
http://www-users.rwth-aachen.de/dierk.bolten/pam_ibutton.html

Hope you find it interesting. 

Cheers,
Dierk


Institute of Materials in Electrical Engineering 
    and Information Technology II
Sommerfeldstr. 24, 52074 Aachen
voice: ++49-241-80 7822
fax: ++49-241-8888 300
email: bolten@xxxxxxxxxxxxxxxxxx
web: http://www.iwe.rwth-aachen.de


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
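
The challenge/response exchange described in the message above, simulated with both sides in one process. This is an added example, not code from pam_ibutton: the `Token` and `Host` classes are hypothetical names, the key is a constructed textbook-RSA toy key (no padding, far too small for real use), and discarding a challenge after one verification attempt is an assumption the post does not state.

```python
import hashlib
import hmac
import secrets

# Constructed toy key built from two Mersenne primes; illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
NBYTES = (N.bit_length() + 7) // 8


class Token:
    """Stands in for the applet on the iButton; the private exponent stays inside."""

    def __init__(self, p=P, q=Q, e=E):
        self.n = p * q
        self._d = pow(e, -1, (p - 1) * (q - 1))

    def respond(self, ciphertext: int) -> bytes:
        secret = pow(ciphertext, self._d, self.n)  # decrypt with the private key
        return hashlib.sha1(secret.to_bytes(NBYTES, "big")).digest()


class Host:
    """Stands in for the PAM module; it holds only the public key (n, e)."""

    def __init__(self, n=N, e=E):
        self.n, self.e = n, e
        self._expected = None

    def challenge(self) -> int:
        r = secrets.randbelow(self.n - 2) + 2  # fresh random number per login
        self._expected = hashlib.sha1(r.to_bytes(NBYTES, "big")).digest()
        return pow(r, self.e, self.n)  # encrypt with the public key

    def verify(self, response: bytes) -> bool:
        # Assumption: each challenge is consumed by one attempt, so an old
        # response cannot be replayed against it later.
        expected, self._expected = self._expected, None
        return expected is not None and hmac.compare_digest(expected, response)


def login(host: Host, token: Token) -> bool:
    return host.verify(token.respond(host.challenge()))


if __name__ == "__main__":
    host = Host()
    print("enrolled token:", login(host, Token()))
    print("other token:   ", login(host, Token(p=2**107 - 1, q=2**61 - 1)))
```

Because the random number changes on every login, a response recorded on the wire is useless for the next attempt; only a device holding the private key can produce the matching hash.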

