Re: Pin generation algorithm question

From: Peter Fairbrother (zenadsl6186_at_zen.co.uk)
Date: 04/24/04


Date: Sat, 24 Apr 2004 21:15:25 +0100

Ernst Lippe wrote:

> On Sat, 24 Apr 2004 02:48:21 +0100, Peter Fairbrother wrote:
 
>> You have to have a big, valuable target somewhere, you can't avoid it. How
>> are keys better?
>
> There is a major difference between securing an entire database and
> securing a single key.

You have to secure a number of keys in this instance, not a single key. Not
that it makes much difference.

If you want to use crypto hardware, you can use the hardware to encrypt the
tokens in the database with a secret key cipher, or better a keyed hash, and
encrypt/hash then check requests. The database does not require secrecy,
even if it is a database of tokens in issue.

All the authentication server does is accept a request, check to see whether
it (or its hash) is on the list, and answer "yes" or "no". Plus keep
non-secret logs. When new tokens are required, they (or their hashes) are
added to the list. You can just do that in secure hardware, or you can use
crypto modules if you prefer.

> When the load of the system is too high for any single server

Ain't going to happen. The average rate is about 2 authentication requests
per second. An authentication request is a few cycles and a lookup, and you
could do a whole lot of those in a second with a P133.

You might want a few servers to handle the request traffic, but not the
authentication, which should be done on one dedicated secure server only.

> Also for
> disaster recovery, you will need another set of hot stand-by servers at a
> different location.

Keep a backup list of issued tokens in a bank vault, and an updated list of
used tokens (the authentication server's log) somewhere offsite. In a
disaster you accept all requests (unless the rate gets abnormally high)
until you can get to the bank and regenerate the list.

-- 
Peter Fairbrother
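
The keyed-hash lookup and the vault-based recovery described in the message above, as an added sketch that is not part of the original post. HMAC-SHA256 as the keyed hash, the `TokenAuthServer` name, the in-memory key (standing in for crypto hardware), the token format and single-use tokens are all assumptions.

```python
import hashlib
import hmac
import secrets


class TokenAuthServer:
    """Yes/no token checker that stores only keyed hashes of tokens."""

    def __init__(self, key: bytes):
        self._key = key       # assumption: in production the key stays inside crypto hardware
        self.issued = set()   # keyed hashes of tokens in issue; needs integrity, not secrecy
        self.used_log = []    # non-secret log of used hashes, copied offsite

    def _tag(self, token: str) -> str:
        return hmac.new(self._key, token.encode(), hashlib.sha256).hexdigest()

    def issue(self) -> str:
        token = secrets.token_hex(8)   # constructed token format
        self.issued.add(self._tag(token))
        return token

    def check(self, token: str) -> str:
        tag = self._tag(token)
        if tag not in self.issued:
            return "no"
        self.issued.discard(tag)       # assumption: tokens are single-use
        self.used_log.append(tag)
        return "yes"

    @classmethod
    def rebuild(cls, key, vault_backup, offsite_used_log):
        """Disaster recovery: live list = vault backup minus offsite used log."""
        server = cls(key)
        server.issued = set(vault_backup) - set(offsite_used_log)
        server.used_log = list(offsite_used_log)
        return server


def demo():
    key = secrets.token_bytes(32)
    server = TokenAuthServer(key)
    t1, t2 = server.issue(), server.issue()
    vault_backup = set(server.issued)   # snapshot taken at issue time
    results = [server.check(t1), server.check(t1), server.check("guess")]
    restored = TokenAuthServer.rebuild(key, vault_backup, server.used_log)
    results += [restored.check(t1), restored.check(t2)]
    return results


if __name__ == "__main__":
    print(demo())
```

The stored list holds only HMAC tags, so a copy of it does not let a reader produce a token that checks as "yes" without the key.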

