On Thu, 25 Mar 2010 21:38:20 +0200
pageexec@××××××××.hu wrote:

> > That somebody with a few probes and a 50 quid USB logic analyser
> > can't capture the entropy that was delivered to the system. (One
> > of the target markets is installation in shared co-location
> > facilities.)
>
> do they also protect against impersonation? from your other answers
> i infer that there's some (mutual?) authentication between the device
> and the kernel, so it should be possible ;).

Yes. There's a shared secret printed on a security card in the box
that is written into some one-time-programmable memory in the device.
You then use this key to generate another key, which is then stored on
the machine, and used to generate session keys. (i.e., the master key on
the security card is never stored on the machine, so even if your
machine is compromised, you can still use the device safely elsewhere.)

B.
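
The key hierarchy described in the reply above, as an added example that is not part of the original message and is not the device's actual protocol. It assumes HMAC-SHA256 as the derivation function, a per-machine label mixed into the stored key, and a nonce from each side per session; all function names and sample values are hypothetical. It covers only the authentication (anti-impersonation) side, not encryption of the delivered entropy.

```python
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def derive_host_key(master_key: bytes, host_label: bytes) -> bytes:
    """Run once at enrolment from the card secret; only the result is stored on the host."""
    return prf(master_key, b"host-key", host_label)


def host_session_key(host_key: bytes, host_nonce: bytes, device_nonce: bytes) -> bytes:
    """Host side: a fresh key per session from the stored key and both nonces."""
    return prf(host_key, b"session-key", host_nonce, device_nonce)


def device_session_key(master_key: bytes, host_label: bytes,
                       host_nonce: bytes, device_nonce: bytes) -> bytes:
    """Device side: holds only the master key and recomputes the host key per session."""
    return host_session_key(derive_host_key(master_key, host_label),
                            host_nonce, device_nonce)


def tag(session_key: bytes, payload: bytes) -> bytes:
    """Authenticate one block of delivered data under the session key."""
    return prf(session_key, b"entropy-block", payload)


def verify(session_key: bytes, payload: bytes, received_tag: bytes) -> bool:
    """Constant-time check; fails for a forged block or a party without the key."""
    return hmac.compare_digest(tag(session_key, payload), received_tag)


if __name__ == "__main__":
    master = bytes(range(32))                      # constructed stand-in for the card secret
    stored = derive_host_key(master, b"host-a")    # what a compromised host-a would leak
    hn, dn = os.urandom(16), os.urandom(16)        # nonces exchanged in the clear
    sk_dev = device_session_key(master, b"host-a", hn, dn)
    block = os.urandom(32)
    print("host-a accepts device block:", verify(host_session_key(stored, hn, dn), block, tag(sk_dev, block)))
    other = derive_host_key(master, b"host-b")     # key for a second machine is unrelated
    print("leaked host-a key works as host-b:", stored == other)
```

Because the derivation is one-way, the key stored on one machine reveals neither the card secret nor the key a second machine would derive from it.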