On 07/22/11 14:09, Tracy Reed wrote:
> On Fri, Jul 22, 2011 at 02:03:49PM -0700, Robert Hajime Lanning spake thusly:
>> Not enforcible, unless you use something like a PKCS#11 token, where you
>> have to authenticate to the hard token to get access to your private key.
>
> You can't enforce people not simply giving away their passwords or
> writing them down in silly places either. The perfect solution is
> non-existent.
>

True there is no perfect solution, but at least with PKCS#11 you have a password and the token. Something you have, the token (that can't be duplicated) and something you know, the pass-phrase. Nice thing about tokens is that you *usually* know when they are missing. Passwords can be copied and you find out after the break-in.

--
END OF LINE
      --MCP