RE: password on smart-cards

Mr. Bolten:

	Actually, Aladdin sells a product called the "etoken", and it has the RSA-1024
algorithm built into it.

	I would love to look at your code, and try to adapt it to allow a user to
log in using the Aladdin USB key fob. As well, I would not mind trying to
adapt (or work with the authors to adapt) the Crypto API to support such a
key. It completely allows for automation of opening up a system.

	Imagine this:

	You plug the Aladdin into your laptop, and boot up Linux, it logs you on,
the key also is used as a pass phrase for mounting crypto partitions etc.
Amazing, no? I would like to get one of their software development kits, as
CD9 now includes Linux drivers. Forget the possibilities of using it with
W2K to do logging on (and not having to type a password) as well.


Very Respectfully,

Stuart Blake Tener, IT3, USNR-R, N3GWG
VTU 1904G (Volunteer Training Unit)
stuart@xxxxxxxxxxx
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859

Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
free!)

JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.

Monday, July 09, 2001 4:18 AM

-----Original Message-----
From: owner-linux-crypto@xxxxxxxxxxxx
[mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Bolten, Dierk
Sent: Monday, July 09, 2001 3:29 AM
To: linux-crypto@xxxxxxxxxxxx
Subject: password on smart-cards

Hi!

I followed the discussion a little, and wanted to point you guys to a
program I wrote for the iButton smart-card. It is a PAM module
that authenticates users by a challenge/response approach using RSA. The
private key is generated and stored on the iButton, the public
part is stored on the computer (in /etc/iButton.conf). If a user wants to
authenticate to the system, a random number is generated and encrypted using
the public key. This is then sent to the iButton. The iButton decrypts it
(using the private key) and sends the SHA-1 hash of it back. The host also
calculates the SHA-1, if they match: PAM_SUCCESS and login is allowed.

The tool consists of a C configuration tool, the pam-module and a Java
applet to be executed on the iButton. _Now_ the interesting part for the
ongoing discussion: I also included support to store a 200 character long
password on the iButton. It is also possible to let this password be
generated randomly on the iButton. (The iButton comes with a random number
generator implemented, it measures the thermal noise across some resistor,
so that should give you fairly good random numbers!). I initially wanted
this password to be used as the password for the crypto-loopback device, but
I never had time to implement this. I think this should be fairly easy to
do. Mount and losetup would need to be patched slightly.

I would like to do this myself, but at the moment I'm too busy with my PhD.
But one of you guys might want to have a look at it and do the
necessary changes to mount, etc. If somebody wants to do it, I would be
happy to get a working patch mailed, so that I can include it into the tar
file. 200 characters (not letters but of type char, i.e. 1-255) should be
good enough for a password and no need to memorize them!

Anyways, the tar file can be found under:
http://www-users.rwth-aachen.de/dierk.bolten/pam_ibutton.html

Hope you find it interesting.

Cheers,
Dierk


Institute of Materials in Electrical Engineering
    and Information Technology II
Sommerfeldstr. 24, 52074 Aachen
voice: ++49-241-80 7822
fax: ++49-241-8888 300
email: bolten@xxxxxxxxxxxxxxxxxx
web: http://www.iwe.rwth-aachen.de


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
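
The challenge/response exchange described in the quoted message, simulated with both sides in one process. This is an added example, not part of either post and not code from pam_ibutton. The Token class, the encode helper, the fixed-width encoding and the toy keys are assumptions, and it uses textbook RSA with no padding because the message does not say how the random number is encoded.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent (assumed; the message does not name one)

def encode(m, n):
    """Fixed-width big-endian encoding so both sides hash identical bytes."""
    return m.to_bytes((n.bit_length() + 7) // 8, "big")

class Token:
    """Stands in for the iButton; the private exponent stays inside it."""
    def __init__(self, p, q):
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # needs Python 3.8+

    def respond(self, ciphertext):
        m = pow(ciphertext, self._d, self.n)     # decrypt on the token
        return hashlib.sha1(encode(m, self.n)).digest()

def authenticate(n, respond):
    """Host side: n is the enrolled public modulus, respond() reaches the token."""
    challenge = secrets.randbelow(n - 2) + 2     # fresh random number per login
    ciphertext = pow(challenge, E, n)            # encrypt with the public key
    expected = hashlib.sha1(encode(challenge, n)).digest()
    return hmac.compare_digest(expected, respond(ciphertext))

def demo():
    # Constructed toy keys built from Mersenne primes: illustration only,
    # far too small for real use.
    enrolled = Token(2**127 - 1, 2**89 - 1)
    other = Token(2**107 - 1, 2**61 - 1)
    captured = []

    def tap(ciphertext):                         # records one genuine response
        captured.append(enrolled.respond(ciphertext))
        return captured[-1]

    return {
        "enrolled_token": authenticate(enrolled.n, tap),
        "different_token": authenticate(enrolled.n, other.respond),
        "replayed_response": authenticate(enrolled.n, lambda c: captured[0]),
    }

if __name__ == "__main__":
    print(demo())
```

The third result shows why the host draws a new random number for every login: a response recorded from an earlier session does not match the hash of the next challenge.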

