Re: Sys Admins Wanted

Matthew Gream (mgream@nospam.acacia.itd.uts.edu.au)
Fri, 6 May 94 9:06:08 EST

Earlier, Anand Kumria wrote:

> Who wants to carry around a sheet of 100 passwords ... I login every day
> about 7 - 12 times, it isn't going to last very long & what about when you
> print the things, you have to make that secure too.

You're now talking about the instance of S/Key as a non-reusable
password technology, which I admit isn't the most ideal
representative. Think of things like challenge response
systems, some with hand held authenticators and so on.

> realize where technology is headed --- not towards "single-use"
> passwords, but biometrics (ie retina scan, finger print scan, voice
> recognition, DNA sampling, brain wave recognition, etcetera) perhaps even in
> conjunction with passwords as well.

Ohh sure, biometrics are in the works, but I doubt they will be
of practical use in distributed communication environments for
quite a while.

But isn't biometric data just a static password anyway? The
point is that even this sort of authentication information
needs to be operated as a non-reusable password system
(challenge response, zero knowledge techniques [aka.
Fiat-Shamir] and so on).

My original point was that most entities that require secure
network access via internet or so on use one time systems with
hand-held authenticators now, and the trend is continuing. When
you as a system administrator go and work in a corporate
environment, it is extremely likely you'll be involved with
these sort of systems. Brushing them off as "inconvenient"
isn't going to cut it when you're protecting millions of dollars
worth of proprietary information.

Maybe I've just seen too much of the old school "it'll be alright
we don't need to worry about this" ideology when it comes to
security and authentication systems.

Matthew.

-- 
Matthew Gream
Consent Technologies
Sydney, (02) 821-2043
M.Gream@nospam.uts.edu.au
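
The non-reusable password idea behind S/Key discussed above, as an added example that is not part of the original message: a Lamport-style hash chain in which a password captured on the wire is rejected when replayed. SHA-256, the class and function names, and the sample secret and seed are assumptions for illustration; S/Key itself used MD4 and its own encoding.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One hash step. SHA-256 is an assumption here; S/Key itself used MD4."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply H n times to seed||secret: the n-th link of the hash chain."""
    value = seed + secret
    for _ in range(n):
        value = H(value)
    return value


class Server:
    """Stores only the last accepted link, never the user's secret."""

    def __init__(self, initial_link: bytes, count: int):
        self.stored = initial_link   # H^count(seed||secret)
        self.count = count           # sequence number of the stored link

    def challenge(self) -> int:
        """Sequence number the user must answer next."""
        return self.count - 1

    def verify(self, otp: bytes) -> bool:
        """Accept otp only if hashing it once yields the stored link."""
        # count <= 1 means the chain is used up and must be re-initialised.
        if self.count <= 1 or not hmac.compare_digest(H(otp), self.stored):
            return False
        self.stored = otp            # the used password becomes the new check value
        self.count -= 1
        return True


def demo() -> dict:
    secret, seed, n = b"constructed passphrase", b"ke1234", 100  # constructed sample values
    server = Server(chain(secret, seed, n), n)
    first = chain(secret, seed, server.challenge())    # user computes link 99
    results = {"first_login": server.verify(first)}
    results["replay_of_sniffed_otp"] = server.verify(first)  # same value sent again
    second = chain(secret, seed, server.challenge())   # user computes link 98
    results["second_login"] = server.verify(second)
    results["remaining"] = server.count
    return results
```

A hand-held authenticator or a printed list plays the role of `chain()` on the user's side; the server never holds anything that can be replayed to log in.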