[ltp] using fingerprint reader for encryption or ssh login?

Jiang Qian linux-thinkpad@linux-thinkpad.org
Tue, 20 Nov 2007 06:21:50 -0500


> Jiang Qian wrote:
> > 	I'm among the paranoid people out there who encrypt things but 
> > still fear a keystroke logger stealing my passwords.
> 
> If there was a keylogger on your machine, the attacker might have
> modified your kernel with exactly zero effort in such a way that it
> would send all your private data to her computer system.
> 
> If you're really that paranoid, you might want to try a HW crypto device
> (maybe the TPM chip in recent Thinkpads is good for it, provided you
> trust a Chinese company making them; maybe it isn't suitable, I haven't
> bothered to check) that does all crypto stuff for you. But note that
> when any decrypted data touches your kernel (which you don't trust, as
> you stated), you are compromised.
Thanks a lot JKT for your detailed explanation. I do have a trusted chip 
on my ThinkPad T43. I'll trust them alright. How do I do hardware crypto 
using the TPM under Linux? I looked at the ThinkWiki website but can't seem 
to find a lot of info about it. Specifically, what applications use it?

And what is the advantage of a TPM chip over the following method I'm 
considering: I have a USB key with encrypted key files, and I plug it in 
only when I need to decrypt a file. I guess in this case a hacker can 
siphon off the decrypted key from memory or just replace the gpg 
binary on my system. How is the TPM different? Why can't he replace the 
binary of whatever program I use to decrypt what's on the TPM chip?

Thanks in advance for your explanation.
Jiang


> 
> > 	1) Authenticate me and decrypt my master password file on disk, 
> 
> You can't do that. PAM talks to your reader like "hey reader, please
> verify whether the user is sweeping a finger described by the following
> data: fooBar". You can't use that in a secure way for encryption.
> 
> > 	2) Use the fingerprint for all web logins. I know this is 
> > possible via software under Windows. Why can't we have this under Linux?
> 
> That should be possible, but isn't secure at all. Anyone who can get a
> copy of your HDD's raw data can read those files.
> 
> > 	3) Related to 1, use fingerprint reader to decrypt the ssh key 
> > when adding it to ssh-agent.
> 
> Exactly the same as in 1).
> 
> Cheers,
> -jkt
> 
> -- 
> cd /local/pub && more beer > /dev/mouth
>