| 1 |
On Thu, 25 Mar 2010 21:38:20 +0200 |
| 2 |
pageexec@××××××××.hu wrote: |
| 3 |
|
| 4 |
> > That somebody with a few probes and a 50 quid USB logic analyser |
| 5 |
> > can't capture the entropy that was delivered to the system. (One |
| 6 |
> > of the target markets is installation in shared co-location |
| 7 |
> > facilities.) |
| 8 |
> |
| 9 |
> do they also protect against impersonation? from your other answers |
| 10 |
> i infer that there's some (mutual?) authentication between the device |
| 11 |
> and the kernel, so it should be possible ;). |
| 12 |
|
| 13 |
Yes. There's a shared secret printed on a security card in the box |
| 14 |
that in written into some one-time-programmable memory in the device. |
| 15 |
You then use this key to generate another key, which is then stored on |
| 16 |
the machine, and used to generate session keys. (ie, the master key on |
| 17 |
the security card is never stored on the machine, so even if your |
| 18 |
machine is compromised, you can still use the device safely elsewhere.) |
| 19 |
|
| 20 |
B. |
Archives