Bill Gates Proclaims End of Passwords 488
KrazyK writes "Bill Gates has just proclaimed the end of passwords. There's only one drawback - you have to use .Net (well, what else would you expect?). However, the smart card that is at the centre of it - made by Axalto - is still a great bit of technology. How long before we can get an open-source version of this?"
end of passwords - not (Score:5, Informative)
an PIN number...
a fingerprint...
Authentication is based around something you have (userid/smartcard/finger...) and something you know (password/PIN/....)
No change since the Secuure Single Sign On days of the mid 1990's. All they are doing is bringing it upto date using
Not a password replacement (Score:5, Informative)
Re:How long before we can get an open-source versi (Score:3, Informative)
Re:So now instead of torturing me... (Score:3, Informative)
Re:Linux is missing an opportunity (Score:1, Informative)
Cripes. just because gates says it's new certianly does not mean it is true.
http://www.strongsec.com/smartcards/howto/html/
start here you clueless fool
How is this better than the Java iButton? (Score:3, Informative)
http://www.ibutton.com/ibuttons/java.html [ibutton.com]
I've had one of these Java-powered iButtons since 2001. If you have the PKI in place it's a very easy technology to use. If you don't, it just gives you bragging rights in the my-computer-is-smaller wars.
Both good.
Phil
Didn't Sun do this 5 years ago? (Score:3, Informative)
US Military has been using this for years. (Score:2, Informative)
The joy of smart cards (Score:2, Informative)
Re:Hmmmm.... (Score:5, Informative)
Re:Didn't Sun do this 5 years ago? (Score:3, Informative)
Don't waste your time by getting the parallel-port adapter, as most modern machines seem to have trouble providing enough power to the iButton for the compute-intensive parts of the process. On the last 3 machines I've had it's been impossible to generate keys because the parallel port can't deliver the necessary oomph.
The serial adapter is probably the best bet for iButtons if you want to use them from Unix/Linux.
Phil
also in Java flavour ... (Score:2, Informative)
Axalto has developed a Java-based version of this card [axalto.com], too.
Re:News? (Score:2, Informative)
And over in Java... (Score:5, Informative)
A classic case of Billy boy announcing something everyone else has. I saw a demo by Sony about 2.5 years ago now which demonstrated smart card + biometrics as an authentication mechanism.
Something like 98% of the world's new smart cards run Java as their programming language, and there are defined standards for security around it. This stuff is already being used in the wild, for instance by the DoD. Oh and if you have one of those "Blue" or clear Amex credit cards... its running Java too.
Or of course you could wait for Longhorn.
In terms of open source, you can do this in Java (which is published and the source is accessible), today.
I love Microsoft, "yesterday's technology, tommorow".
Re:Um... no? (Score:5, Informative)
Retinas at least doesn't leave traces everywhere, but then you still run the risk of data theft.
PAM does this for linux (Score:2, Informative)
Re:Java iButton PAM kit URL (Score:3, Informative)
Re:Hmmmm.... (Score:3, Informative)
Smart cards provide the exact same functionality as my very first usb key.
Re:Hmmmm.... (Score:3, Informative)
Absolutely not. A smart card is nothing like an USB drive where you store a password or cryptographic key.
A smart card contains a closed microprocessor and a small memory. The point is that you cannot get at the contents of the memory at all (unless you have a silicon lab). The microprocessor has a private key that it never shows outside the silicon and a public key that the PC knows about. The smart card can prove its identity by signing stuff the PC sends to it using the secret private key.
Smart cards have been around for a long time. They are not a M$ invention and I'm sure that there are open-source drivers that can talk to smart cards.
It is called Kerberos (Score:3, Informative)
Re:Cheaper Low Tech Alternative (Score:3, Informative)
Take a piece of paper and a paper envelope. Write your password onto the piece of paper and put it into the envelope. This provides the exact same security as a smartcard.
No it doesn't. There is no way of breaking the envelope and retrieving the passphrase. Smartcards (at least the ones I encountered) work by cryptographic challenges (think SSH key auth). The private key is stored on the card, and only/i> on the card. It is also locked by a PIN. Even with the PIN, you cannot retrieve the key: The crypto secret stays completely inside the card, and if your cardreader has got a numeric keypad, the PIN as well won't even leave the combo card/cardreader. The reader I got here for HBCI banking is also sealed by the company to avoid manipulation.
Re:Anybody else notice this came from a French co. (Score:3, Informative)
and some of the other articles found by googling for "france encryption restrictions relaxed" or similar
A bit of a myth, yes. (Score:4, Informative)
Yes. Some biometric sensors can be tricked with dead tissue or a photocopied fingerprint, but the good ones detect life signs. (This is the case for both good fingerprint sensors, reading electric impulses instead of light, and retinal scans that measure blood flow.)
Some sensors are even active, checking how the body reacts to stimuli, for example how the iris reacting to light, comparing it with a recorded sample.
Get rid of passwords (Score:2, Informative)
you don't need microsoft to do that. opensc is available for linux and friends, mac os X and windows, and a CSP for windows is under development.
opensc supports cryptoflex, cyberflex, gemplus pk, siemens card os, telesec tcos, micardo, setec, ibm jcop, oberthur and openpgp smart cards. also the finnish, swedish, estonian and italian id cards are supported with full source code, the spanish linux user group has a special version with support for the spanish id card using a binary only plugin.
also note that opensc does not use a propriotory on card format (like most commercial alternatives), but implements the pkcs#15 standard.
disclosure: I'm one of the developers, doing some advertisement here
wow, this is new! (Score:2, Informative)
oh, except sun was doing it ten years ago.
You know, love Sun microsystems...but if one company has consistently been the victim of an idea whose time has not yet come, and won't come for another 10 years...it's got to be sun. Smart cards, JINI, SunRays...all brilliant...all dead because of being ahead of their time IMHO. They've seriously gotta start hiring some dumber people...I here you can find them in Redmond.