Hacker News new | past | comments | ask | show | jobs | submit login

Except that in most "real" two-factor systems, you can't duplicate the second factor easily. The problem here is if the private key is in main memory, malware can copy it to another computer that will be indistinguishable (for the purposes of authentication) from the first. With something like a smartcard that is made much more difficult. Not impossible, but beyond the reach of most folks.



You have a point. I would like to see crypto chips on motherboards/in the CPU that can generate a key, export a public cert and then be asked to sign things. Then this vulnerability disappears.


There are TPMs exactly for this. Not very popular, though.


These sound awesome. Wikipedia says many laptops have them. Is this true? If so, how can I detect one on Linux?


There are tpm kernel modules and tpm-tools package (in Debian, for example). Also sometimes device must be turned on in BIOS Setup.


And all of the recent Mac laptops have them. You need a special driver -- look here for a good writeup: http://osxbook.com/book/bonus/chapter10/tpm/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: