Smart Card Authentication

[danbo]

By Dolda2000

Basically, yeah. If you're so worried of having to type your root password, maybe you should think of other means of authentication instead, such as smart card readers and stuff.

how exactly can this be used, can you explain some more please ?

[Dolda2000]

I wasn't really serious about that, but it is possible, of course. Smart card authentication is used rather commonly, I think. The basic thing is that you have a smart card (common ones have a Microchip PIC16C84 microcontroller), that you load with a private RSA key (the public key is on the computer). Then, when you want to authenticate, you have a PAM module that sends a challenge to the smartcard, which signs it with the private key, and then the PAM module checks the validity of the signing with your public key, and authenticates you if it's correct. I don't know how well established it is though; you're probably in for a lot of tuning and troubles. A smartcard reader isn't too cheap either, unless you build it yourself.
It would make an interesting project to do it all by yourself, of course. It's far from impossible. PIC16C84 smartcards are pretty cheap, and if you assemble your reader yourself, it shouldn't be too expensive. Then you just have to make your own PAM module and program the card.

[Dolda2000]

I and a friend of mine have done a whole lot of playing with smart cards, PICs and interfacing them with a computer. If you know your way around, it's not too hard to make your own smart card authenticator, but if you're not hardware-ish enough, it won't be too easy.

[danbo]

i found a smartcard reader for £6 .... is this the right sort of reader

http://ebuyer.com/customer/products/...duct_uid=30929

[Dolda2000]

No. That's a SmartMedia reader. SmartMedia cards are just memory cards, and are commonly used in digital cameras. Although it _would_ of course be possible to implement this with a SmartMedia card, it wouldn't be a tenth as secure, and it would be a waste of resources to buy a SmartMedia card able of holding several MBs when you'll just be using a few KBs.
A smartcard, on the other hand, like the one I described, has the shape of a credit card, and has a small chip embedded that is capable of data processing (hence the name "smart" card). There are smart cards that look the same as these but only contain a memory chip, too. They are commonly used for public pay phones (at least here in Europe, I don't know about the US).
Can someone name a large chain for selling electronic devices in the US? Something like ELFA in Sweden.

[danbo]

can you post a link or picture, which will describe in more detail what a smart card looks like and what the reader looks like, and if possible how they work ?

[Dolda2000]

Here's a link to a RSA card by GemPlus:
http://www.gemplus.com/products/gpk16000/

Here's a link to a reader. I don't know if it's compatible, though.
http://www.gemplus.com/products/gempc410_sl/

[danbo]

what is the normal price range for the cards and readers ?

[Dolda2000]

I really haven't got a clue. You can assemble your own card->PC interface with parts from, for example, ELFA that I mentioned (although that's a Swedish company, so I don't think you'd prefer it).
You'll have to buy the card itself, though. ELFA only sells memory cards, and the only smart card I have, I got from a friend for free, so I don't know the cost. They're used in satellite TV decoders, for example.
You don't necessarily have to use smart cards, though. I don't know of any established standard or distribution anyway, so if you're after my guidance, you're aiming towards home-brew anyway.
Technically, you could just interface a PIC directly with the computer. I've been playing a little with the PIC16F870 for a while now (I'm going to build a LCD terminal to connect to my computer). It has built-in UART and all sorts of things. I you want me to, I could draw you a schematic which you can build into the casing of a D-SUB connector and connect directly to the serial port of your computer.
I can't say that I know the exact algorithms for RSA, though, (yet, that is), so I can't help you program the PIC (yet, that is). But like I said, if it's really my guidance that you want, you're in for home-brew anyway, and as any such, it probably doesn't work on the first try.

[danbo]

i don't think me making one would be a good idea, i can barely solder a simple circuit board... i am going to learn though