Re: [Gnumed-devel] ssh-keygen question

[Ian Haywood]

Sebastian Hilbert wrote:
> A little off topic but still worth mentioning. I bought my self a 
> fingerprint/biometric protected usb stick and keep my private keys 
Cool, where from?
> ssh/gpg/certificates on this device. Just place a symlink into your homedir.  
> I even use it to login on my linux box. No more password typing. This little 
> stick is actually quite safe. All encryption/decryption within the device.  
Not sure about this.
Unless it's got a little CPU on there doing the actual crypto,
[in which case, you might as well buy a Zaurus], you are still
doing this on the host PC. This means, if the host PC is infected,
you are hosed, as it can grab your private keys as they are loaded into RAM.
(but this is academic, as the attacker can read all you wonderful secret 
medical data by
grabbing regular screendumps, too)
> software on host PCs needed. Works for Linux and Windows. Simply great. I 
> never go anywhere without it. There is one problem. It's not cheap. Around 
> 250Euro for 256 MB. You gotta know what you are willing to pay for security.
~= $A600 Hmm, not cool.
> For the distant future I plan to use this for GNUmed logon. 
Excellent idea.
Tunnelling the postgres connection over SSH would be good too (which solves 2 
problems
at once)

Ian

signature.asc
Description: OpenPGP digital signature