Re: Comment on xauth and hybrid
At 4:11 PM -0400 7/21/99, Y. John Jiang wrote:
>Certificate authentication is prone to keyboard monitoring attack.
>If one leaves the hard token in the PCMCIA slot, it is as weak as
>a soft token.
No well-engineered hardware device should be capable of having its private
key(s) extracted via a software attack effected through a PC to which it is
connected. Depending on the engineering of the device one might carry out
various forms of close-in attacks, if the device is enabled and physically
available to an attacker. Certainly one could initiate new SAs that the
user might not really want to authorize (but that's a problem in any case).
What exactly did you have in mind when you made the above statement?
Steve