Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd

Jeff With The Big Yellow Suit jeff at drinktomi.com
Thu Apr 15 16:35:23 PDT 2004


>>Solution:  DON'T PICK STUPID PASSWORDS.  When appropriate and necessary
>>(such as in the case of Wifi), don't let your users pick the password.
>>    
>>
>problem is some folks dont know what a good passwd is or what is stupid
>passwd and pass phrases
>  
>
Exactly.   Computer security applications have moved very
rapidly into the consumer electronics arena.  Unless thought
is given to addressing these concerns in a user-friendly way
security concerns won't be addressed.   Doing the secure
thing needs to be insanely easy.

I imagine key choice and exchange as being automatable.
Picture every wireless device having a little contact area.

If you want two devices to communicate then you touch
them together and hold down a little buttons on each device.
When their lights go green they have exchanged the session
key.  Now they will talk together over a wireless connection.

You could have a little wand device that picks a random key,
or picks one up from another device.  You can you this wand
to set the keys in other devices about your house.

Or for meetings you could have a little session pad.   You press
a button and it chooses a key.   Everyone in the meeting syncs
their devices to it.   The session pad could be built into devices
like conference phones.  (Everyone wants to fondle the landmine
in the middle of the table anyway.)

The scheme could be generalized to handle a number of underlying
encryption schemes.  It doesn't prevent someone from walking in
and stealing the key from another device, but it does require
physical access.

There are problems with the scheme, but it potentially raises
the bar pretty far.

-jeff






More information about the Baylisa mailing list