PKI Technology


12 replies to this topic

#1 LeeFitzsimmons

  • Members
  • 24 posts

Posted 01 October 2017 - 11:11 AM

Does anyone here know anything about PKI technology?

My company is now considering using this system, so no one has to remember passwords anymore.

I know that it employs the RSA algorithm and uses digital certificates.

Could anyone that knows something about this system please add their thoughts?




#2 Didier Stevens

  • BC Advisor
  • 2,538 posts

Posted 12 October 2017 - 03:04 PM

And what will replace passwords?

Smartcards? OTT? ...


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 LeeFitzsimmons


Posted 20 October 2017 - 02:30 PM

> And what will replace passwords?
>
> Smartcards? OTT? ...

PKI is a system that uses digital certificates. This system can effectively replace passwords.

Here is the Wikipedia explanation of this system...

https://en.wikipedia.org/wiki/Public_key_infrastructure



#4 Didier Stevens


Posted 21 October 2017 - 08:24 AM

I don't think you understood my question.

So each employee gets a certificate to replace passwords: where will you store the certificate? On a smartcard?




#5 LeeFitzsimmons


Posted 21 October 2017 - 03:43 PM

> I don't think you understood my question.
>
> So each employee gets a certificate to replace passwords: where will you store the certificate? On a smartcard?

Yes, a smartcard would be the option that looks the best right now; however, you could also use an external hard drive.

You could also use a disk or another similar storage device.

There might be other options.

Can you think of any?



#6 Didier Stevens


Posted 22 October 2017 - 05:49 AM

Yes, there are USB dongles too. Or smartphones.




#7 LeeFitzsimmons


Posted 22 October 2017 - 08:43 AM

USB dongles are a very good option.

However, smart phones can be hacked remotely; therefore, they would not be a good choice.



#8 Didier Stevens


Posted 27 October 2017 - 04:05 PM

Computers can be hacked remotely too. With enough time and resources, almost everything can be hacked.




#9 LeeFitzsimmons


Posted 27 October 2017 - 04:49 PM

Yes, Didier, computers can obviously be hacked. However, I never ONCE mentioned that they were an acceptable place to store one's private key. I never said that. I am unsure why you brought it up.

This fact is one that should be obvious to all... :-)

What we are discussing are things that would be difficult or close to impossible to hack.

Like a USB dongle, a disk, or a smart card. There would have to be some type of willing compliance or theft of an actual physical object in order to accomplish this task.

A smart phone, on the other hand, CAN be hacked and many of these devices are hacked remotely on a daily basis. This is not a secure place to store one's key.


Edited by LeeFitzsimmons, 27 October 2017 - 04:55 PM.


#10 Didier Stevens


Posted 27 October 2017 - 05:05 PM

And I never said that you should place the private key on the computer.

Your company is planning to use PKI as a replacement for passwords to log on to their computers, no?




#11 LeeFitzsimmons


Posted 27 October 2017 - 06:47 PM

Neither one of us said it, so let's just move on...



#12 LeeFitzsimmons


Posted 27 October 2017 - 06:49 PM

We may use PKI as a replacement or as a supplement to our current system. This is called multifactor authentication. It could use PKI and passwords. It could also throw in a retina scan or two just for giggles... :-)


Edited by LeeFitzsimmons, 27 October 2017 - 06:50 PM.


#13 Chris Cosgrove

  • Moderator
  • 5,692 posts
  • Location:Scotland

Posted 04 November 2017 - 06:24 PM

Just remember USBs can get lost. Just six weeks ago or so some honest citizen found a USB stick lying in the street that had the full - unencrypted - security protocols for Heathrow Airport on it. As an honest citizen he handed it in at his local police station; he might not have been an honest citizen!

Chris Cosgrove





