|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Tue, 7 Mar 1995 11:44:52 -0500 From: "Joseph S. D. Yao" <jsdy@cais.cais.com> To: linux-security@tarsier.cv.nrao.edu Cc: jacob@jacob.remcomp.fr Reply-To: linux-security@tarsier.cv.nrao.edu I'm sure folks will correct me if I'm wrong, but aren't BIOS values just stamped into the BIOS chips identically per run? So, the idea of a function based on values read from the BIOS and the non-volatile memory would very likely return identical values from identical machines. This doesn't give us a very secure ID. If they're all on a net, one way that's been used is to use the hardware ethernet address [MAC?] on the ethernet board. I don't know whether the other network types have unique hardware addresses on board. If the network type [ISDN?] doesn't use boards with unique hardware identifiers, then IMHO what needs to be done is manually provide each system with a unique, hard-to-guess identifier. This has the advantage that hardware changes to the system don't require re-identifying the system. It has the disadvantage that the identifier has to be sent to the user, and then stored by that user, which increases the likelihood of interception. How does Kerberos do this? If I remember right, it uses user identification, not machine identification. I suppose that putting Kerberos on the MS-Windows machines is not an option. [;-)] Joe Yao jsdy@cais.com - Joseph S. D. Yao
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |