password on smart-cards
Hi!
I followed the discussion a little, and wanted to point you guys to a
program I wrote for the iButton smart-card. It is a PAM module
that authenticates users by a challenge/response approach using RSA. The
private key is generated and stored on the iButton, the public
part is stored on the computer (in /etc/iButton.conf). If a user wants to
authenticate to the system, a random number is generated and encrypted using
the public key. This is then sent to the iButton. The iButton decrypts it
(using the private key) and sends the SHA-1 hash of it back. The host also
calculates the SHA-1; if they match: PAM_SUCCESS and login is allowed.
The tool consists of a C configuration tool, the pam-module and a Java
applet to be executed on the iButton. _Now_ the interesting part for the
ongoing discussion: I also included support to store a 200 character long
password on the iButton. It is also possible to let this password be
generated randomly on the iButton. (The iButton comes with a random number
generator implemented, it measures the thermal noise across some resistor,
so that should give you fairly good random numbers!). I initially wanted
this password to be used as the password for the crypto-loopback device, but
I never had time to implement this. I think this should be fairly easy to
do. Mount and losetup would need to be patched slightly.
I would like to do this myself, but at the moment I'm too busy with my PhD.
But one of you guys might want to have a look at it and do the
necessary changes to mount, etc. If somebody wants to do it, I would be
happy to get a working patch mailed, so that I can include it in the tar
file. 200 characters (not letters but of type char, i.e. 1-255) should be
good enough for a password and no need to memorize them!
Anyways, the tar file can be found under:
http://www-users.rwth-aachen.de/dierk.bolten/pam_ibutton.html
Hope you find it interesting.
Cheers,
Dierk
Institute of Materials in Electrical Engineering
and Information Technology II
Sommerfeldstr. 24, 52074 Aachen
voice: ++49-241-80 7822
fax: ++49-241-8888 300
email: bolten@iwe.rwth-aachen.de
web: http://www.iwe.rwth-aachen.de
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
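
The challenge/response exchange described in the message above, sketched as an added example; it is not part of the original post and not code from pam_ibutton. The `Token` and `Host` classes, the toy RSA key and the single-use handling of the expected hash are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy key: two Mersenne primes, textbook RSA without padding.
# Shows the message flow only; far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays on the token
MOD_LEN = (N.bit_length() + 7) // 8  # fixed encoding length for hashing


class Token:
    """Stands in for the applet on the iButton: holds the private key."""

    def __init__(self, d, n):
        self._d, self._n = d, n

    def respond(self, ciphertext):
        nonce = pow(ciphertext, self._d, self._n)  # decrypt the challenge
        return hashlib.sha1(nonce.to_bytes(MOD_LEN, "big")).digest()


class Host:
    """Stands in for the PAM module: knows only the public key (e, n)."""

    def __init__(self, e, n):
        self._e, self._n, self._expected = e, n, None

    def challenge(self):
        nonce = 2 + secrets.randbelow(2**128)  # fresh random number per login
        self._expected = hashlib.sha1(nonce.to_bytes(MOD_LEN, "big")).digest()
        return pow(nonce, self._e, self._n)    # encrypted with the public key

    def verify(self, response):
        # Assumption of this sketch: each expected hash is checked only once.
        expected, self._expected = self._expected, None
        return expected is not None and hmac.compare_digest(expected, response)


def demo():
    host, token = Host(E, N), Token(D, N)
    first = token.respond(host.challenge())
    ok = host.verify(first)                    # genuine token
    host.challenge()
    replayed = host.verify(first)              # old response, new challenge
    wrong = host.verify(Token(D + 2, N).respond(host.challenge()))
    return ok, replayed, wrong                 # wrong: token without the key
```
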