[CUWiN-Dev] Proposed Nodeconfig Change

David Young dyoung at pobox.com
Wed Aug 1 01:37:39 CDT 2007


On Wed, Aug 01, 2007 at 12:39:56AM -0500, Matthew Isaacs wrote:
> On Wed, 2007-08-01 at 00:25 -0500, David Young wrote:
> > The web interface on nodes really needs some authentication and privacy.
> > We can put the same certificate on each node in a network, and then we
> > can give that certificate to every admin for that network, but if any
> > node is ever compromised, then we cannot trust the certificate any more.
> 
> > These days there are cheap ICs that contain some "write-only" memory for
> > a secret and an engine for producing SHA-1 message digests.  After you've
> > programmed the secret, you can write a bit string to the IC and it will
> > "mix" the string with the secret, compute the SHA-1 hash of the mixture,
> > and write it back to you.  Maxim/Dallas makes a few such ICs---for
> > example, the DS2704.  If somebody gets hold of a node containing one
> > of these, they can produce hashes using that particular physical IC,
> > but it will be tremendously difficult for them to replicate the IC or
> > its secret for reuse, quite unlike a certificate.  I'd like to explore
> > the use of these ICs for authentication of nodes to nodes and nodes to
> > admins at CUWiN.
> > 
> 
> An interesting idea.  Wouldn't it be possible to wire one of these in on
> the GPIO lines on nodes that have those available?  Especially since
> this particular chip sports the Dallas 1-wire interface?

That's what I had in mind, yes.

Dave

-- 
David Young             OJC Technologies
dyoung at ojctech.com      Urbana, IL * (217) 278-3933 ext 24
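
The challenge-response scheme discussed in this thread, sketched as an added example that is not part of the original messages or of CUWiN's code. It assumes HMAC-SHA1 as a stand-in for the IC's "mix with the secret, then SHA-1" step (not the DS2704's actual algorithm), that the admin side keeps a copy of each node's secret, and hypothetical class and node names.

```python
import hashlib
import hmac
import secrets

class SimulatedAuthIC:
    """Stand-in for the hash IC: the secret is programmed once and never read back."""
    def __init__(self, secret: bytes):
        self._secret = secret  # "write-only": no method returns it

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA1 models the chip's mixing of secret and input.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

class Verifier:
    """Admin side: one secret per node, single-use random challenges."""
    def __init__(self):
        self._secrets = {}   # node_id -> secret programmed into that node's IC
        self._pending = {}   # node_id -> outstanding challenge

    def enroll(self, node_id: str) -> SimulatedAuthIC:
        secret = secrets.token_bytes(20)
        self._secrets[node_id] = secret
        return SimulatedAuthIC(secret)

    def challenge(self, node_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[node_id] = nonce
        return nonce

    def verify(self, node_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(node_id, None)  # each challenge is usable once
        if nonce is None or node_id not in self._secrets:
            return False
        expected = hmac.new(self._secrets[node_id], nonce, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    v = Verifier()
    ic_a, ic_b = v.enroll("node-a"), v.enroll("node-b")  # constructed node names
    resp = ic_a.respond(v.challenge("node-a"))
    results = {"genuine": v.verify("node-a", resp)}
    v.challenge("node-a")                                 # fresh nonce issued
    results["replayed"] = v.verify("node-a", resp)        # old response reused
    # Possession of node-b's IC does not help in answering for node-a.
    results["wrong_ic"] = v.verify("node-a", ic_b.respond(v.challenge("node-a")))
    return results
```

Because every node has its own secret, losing one node exposes only that node's responses, unlike the shared certificate described at the top of the thread.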

