Bill Gates Proclaims End of Passwords
KrazyK writes "Bill Gates has just proclaimed the end of passwords. There's only one drawback - you have to use .Net (well, what else would you expect?). However, the smart card that is at the centre of it - made by Axalto - is still a great bit of technology. How long before we can get an open-source version of this?"
So how do you 'unlock' the smart card to prove it's you (and still you) at the keyboard...???
a PIN number...
a fingerprint...
Authentication is based around something you have (userid/smartcard/finger...) and something you know (password/PIN/....)
No change since the Secure Single Sign On days of the mid 1990's. All they are doing is bringing it up to date using .NET to quickly build applications.
Reading the Axalto press release they talk about their cards as an additional form of security, not a password replacement. I've used smart cards for a few things and each of them has been protected by a password too. You enter the smart card and are then asked for a PIN to ensure you have the right to be using that smart card. As another poster said, if there's no password all they have to do is get to your wallet if they want to Get Root. Hopefully if we do see an open source implementation it won't be passwordless!
None. Or if they did, Sun Microsystems has been using a similar system for years. Smart card readers are standard equipment on all currently available Sun workstations, and have been for the last 3-4 generations of workstations as well. Sun "deployed" this system at least 4 years ago when it introduced "Sun Rays" back in 2000-2001 timeframe. If MS tried to patent this, Sun is clearly prior art, and if it isn't, it should be construed as simply a logical progression of Sun's system, which means it should not be patentable, but then again, we are talking about people who have let through patents on the wheel in recent years...
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
I don't know about this implementation, but typically the key on the smart card is password protected. Thus you have to have the card AND know the password. This is why they call it two-factor authentication.
This post cannot be rebroadcast without the express written consent of Major League Baseball.
Linux has had this for OVER 5 years now.
SmartCard-Login-HOWTO-1.html
Cripes. Just because Gates says it's new certainly does not mean it is true.
http://www.strongsec.com/smartcards/howto/html/
start here you clueless fool
See this page:
http://www.ibutton.com/ibuttons/java.html
I've had one of these Java-powered iButtons since 2001. If you have the PKI in place it's a very easy technology to use. If you don't, it just gives you bragging rights in the my-computer-is-smaller wars.
Both good.
Phil
I guess today is a passable day to die.
And it was called the "Java Ring"?
Newer US Military ID cards (~last 2 years) have a 'chip' in them that allows instant login to DOD computer systems. It also stores the user's medical records.
The local Air Force base here went to full implementation of smart cards for logins (the cards double as their building IDs). It was a debacle...they were recognized by the readers about 20% of the time, and misread another 60%. They finally modified the login to allow them to Cancel the smart card scan and log in manually while they slinked off in defeat.
Mutant Freaks of Nature: "Frighteningly Addictive"
Also available in Linux, check the USB PAM module: http://lists.debian.org/debian-mentors/2004/02/msg00143.html
Axalto has developed a Java-based version of this card, too.
This post is displayed with recycled electrons
And what's the difference between Microsoft's great new smart card technology and SunRay cards?
A classic case of Billy boy announcing something everyone else has. I saw a demo by Sony about 2.5 years ago now which demonstrated smart card + biometrics as an authentication mechanism.
Something like 98% of the world's new smart cards run Java as their programming language, and there are defined standards for security around it. This stuff is already being used in the wild, for instance by the DoD. Oh and if you have one of those "Blue" or clear Amex credit cards... it's running Java too.
Or of course you could wait for Longhorn.
In terms of open source, you can do this in Java (which is published and the source is accessible), today.
I love Microsoft, "yesterday's technology, tomorrow".
An Eye for an Eye will make the whole world blind - Gandhi
Also, you don't leave your smartcard at every place you visit, which is the case with fingerprints. You can easily make a gelatine film with fingerprints collected on everyday objects. No fancy equipment required either. When researchers tested the technique at a recent show, every fingerprint reading device they were allowed to test was fooled.
Retinas at least don't leave traces everywhere, but then you still run the risk of data theft.
Ceterum censeo Microsoftem esse delendam
Pluggable Authentication Modules Want a new method of authentication? Just write a PAM module!
It's in the archive
yeah, i thought that's why they were called usb KEYs... I think they were originally designed just for this purpose. my first USB key was 64kb (kilobytes) and held only an encryption key.
Smart cards provide the exact same functionality as my very first usb key.
This has been in Mac OS for awhile... as Keychains... mine is on my USB thumb drive...
Absolutely not. A smart card is nothing like a USB drive where you store a password or cryptographic key.
A smart card contains a closed microprocessor and a small memory. The point is that you cannot get at the contents of the memory at all (unless you have a silicon lab). The microprocessor has a private key that it never shows outside the silicon and a public key that the PC knows about. The smart card can prove its identity by signing stuff the PC sends to it using the secret private key.
Smart cards have been around for a long time. They are not a M$ invention and I'm sure that there are open-source drivers that can talk to smart cards.
Linux already has this sort of technology, it is even interoperable with Windows, Solaris, UNICOS and AIX. It is called Kerberos.
Take a piece of paper and a paper envelope. Write your password onto the piece of paper and put it into the envelope. This provides the exact same security as a smartcard.
No it doesn't. There is no way of breaking the envelope and retrieving the passphrase. Smartcards (at least the ones I encountered) work by cryptographic challenges (think SSH key auth). The private key is stored on the card, and only on the card. It is also locked by a PIN. Even with the PIN, you cannot retrieve the key: The crypto secret stays completely inside the card, and if your cardreader has got a numeric keypad, the PIN as well won't even leave the combo card/cardreader. The reader I got here for HBCI banking is also sealed by the company to avoid manipulation.
Life is just nature's way of keeping meat fresh.
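The challenge-response login described in the two comments above (a private key that never leaves the card, unlocked by a PIN, signing a challenge from the PC), as an added example that is not code from the thread or from any card vendor. The `Card`, `NewCard`, `Sign` and `Login` names are hypothetical, Ed25519 stands in for whatever algorithm a real card uses, and the limit of three wrong PINs is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Card models the chip: the fields are private and no method returns priv or pin.
type Card struct {
	priv    ed25519.PrivateKey
	pin     []byte
	retries int // wrong-PIN budget; a limit of 3 is assumed here
}

// NewCard generates the key pair on the card; only the public half leaves it.
func NewCard(pin string) (*Card, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{priv, []byte(pin), 3}, pub
}

// Sign returns nil unless the PIN is right and the card is not yet blocked.
func (c *Card) Sign(pin string, challenge []byte) []byte {
	if c.retries == 0 || subtle.ConstantTimeCompare(c.pin, []byte(pin)) != 1 {
		if c.retries > 0 {
			c.retries--
		}
		return nil
	}
	c.retries = 3 // a correct PIN resets the counter
	return ed25519.Sign(c.priv, challenge)
}

// Login is the PC side: a fresh random challenge, checked with the enrolled key.
func Login(c *Card, pub ed25519.PublicKey, pin string) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false // fail closed if no fresh challenge can be produced
	}
	return ed25519.Verify(pub, challenge, c.Sign(pin, challenge))
}

func main() {
	card, pub := NewCard("4321") // constructed PIN
	fmt.Println(Login(card, pub, "4321"))
}
```

Because the challenge is random on every login, a signature captured from one session does not verify against the next one, which is the difference from a password or key file stored on a USB drive.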
Most of the French crypto restrictions were removed in 1999. E.g. see http://www.sobco.com/nww/1999.edited/04-crypto.html
and some of the other articles found by googling for "france encryption restrictions relaxed" or similar
One of the things such sensors check for is blood flow. So naturally they'll just have to kill you afterwards, but you won't be needlessly mutilated.
Yes. Some biometric sensors can be tricked with dead tissue or a photocopied fingerprint, but the good ones detect life signs. (This is the case for both good fingerprint sensors, reading electric impulses instead of light, and retinal scans that measure blood flow.)
Some sensors are even active, checking how the body reacts to stimuli, for example how the iris reacts to light, comparing it with a recorded sample.
Irene KHAAAAAAN!
I think smart cards are the right way. Get the normal cryptoflex 32k egate card with a token connector, install openct and opensc (both http://www.opensc.org/), and use the opensc pam module for login, openssh for remote authentication, mozilla or firebird with the opensc pkcs#11 module for email signing and decryption, the opensc tools for initializing the card and diagnostics, openssl with the pkcs11 engine to create signed certificates, and so on.
:-)
you don't need microsoft to do that. opensc is available for linux and friends, mac os X and windows, and a CSP for windows is under development.
opensc supports cryptoflex, cyberflex, gemplus pk, siemens card os, telesec tcos, micardo, setec, ibm jcop, oberthur and openpgp smart cards. also the finnish, swedish, estonian and italian id cards are supported with full source code, the spanish linux user group has a special version with support for the spanish id card using a binary only plugin.
also note that opensc does not use a proprietary on-card format (like most commercial alternatives), but implements the pkcs#15 standard.
disclosure: I'm one of the developers, doing some advertisement here
oh, except sun was doing it ten years ago.
You know, love Sun microsystems...but if one company has consistently been the victim of an idea whose time has not yet come, and won't come for another 10 years...it's got to be sun. Smart cards, JINI, SunRays...all brilliant...all dead because of being ahead of their time IMHO. They've seriously gotta start hiring some dumber people...I hear you can find them in Redmond.