USB key authentication on OSX (10.3)

Posted by deepquest on September 5, 2004 – 1:51 pm

I’ve been waiting for that product for ages: a USB key for authentication on my computers. I even thought of paying a company to develop the drivers and software.
But why a USB key for authentication? Well, there are many ways of bypassing OSX authentication mechanisms, and that made me really nervous!
The main reason is that I think the login/password process is getting way too old, and I was bored of typing very long and complex passwords.

First of all, the USB key is NOT a storage key; it’s a token that allows you to log on to one or several computers with one USB2 key.
The price is a fair $99, and you get a nice box with a setup CD and 2 USB 2 keys. On the other hand, in case you lose the 2 keys, you can ask Griffin Technologies to resend you a key, which means they can store the token.

::Installation::

The installation process is easy, I mean like any installation on OSX. The pkg will install a 377 KB package on your system, then a setup wizard will set up the key for you. The only option you have to choose is what happens when the Securikey token is removed: switch to the login window (default option), log out the user, or shut down the computer. Afterwards you review your settings and are prompted to reboot.

A control panel is installed to activate or deactivate the token with various options. You can add users, change options and more.

After rebooting you will have to insert the USB key AND type your password. If you select the default option during the wizard, fast user switching will be activated.
There are a few minor bugs: I had activated Exposé with hot corners and they were not usable anymore, and files on my desktop were not clickable anymore, but I could still access them by browsing the files. After a second reboot everything was solved.

A good product, finally available for Mac OS 10.3, from Griffin Technologies (http://www.securikey.com/) to keep your workstation(s) or server safe(r).

9/21/04 update: if you lose your Securikey you’re not totally lost. During the install process the token (some kind of unique ID) will be stored by Griffin Tech, so if you lose it they’ll be able to send you another USB key by blue mail in exchange for a few dollars. Is it bad to store the token at Griffin? Well, it won’t allow any remote access to your computer.
Worst case scenario: they would have to travel to your location, get physical access to your computer, guess the password… That’s a lot of “IF” 🙂


This post is filed under “OSX security tools”.

  1. deepquest Said:

    AFAIK, Lexar JumpDrive is a data storage solution that may include a password, while the Securikey only stores your token.

    I’m trying to work on MUSCLE (Movement for the Use of Smart Cards in a Linux Environment); actually it’s not only Linux, since they support OSX and various other Unix-based OSes.

    Some of the tools are already installed on OSX; e.g. type “pcsctest” in Terminal.

    Don’t you remember the Common Access Card option for the feds in OSX? Run cac_setup as root.

    I’m working on the integration of PKCS#11 in Firefox, and trying to find a way to use the Securikey with PGP. The OSX version doesn’t support it yet (it will in version 9); the smart card system is only supported in the win32 version.

  2. hard-mac Said:

    I wonder what type of crypto it uses? Anyone know?

    —-
    Lexar JumpDrive Secure(tm) Password Extraction

    Overview:

    From the User Guide:
    “Lexar Safe Guard(tm) is an application that allows you to password
    protect private files on your Lexar Jump Drive. Safe Guard allows
    you to divide your JumpDrive into two different areas, or zones.
    The public zone, which comes up automatically when you insert your
    Jump Drive into a USB port on your computer, is accessible by any
    one using your drive. The private zone is password-protected and no
    one can open, copy, or write files to it without entering the
    password first.”

    There is a method of accessing the private zone on the JumpDrive
    Secure 1.0 device without knowing the password beforehand. The
    password can be observed in memory or read directly from the
    device, without evidence of tampering. All data thought to be
    secure in the private zone can be accessed, altered, or deleted
    arbitrarily by an attacker with physical access to the device.

    http://www.atstake.com/research/advisories/2004/a091304-1.txt

  3. deepquest Said:

    True for USB2; I just noticed it uses USB 1 speed:
    Speed: Up to 1.5 Mb/sec
    Product ID: 3031 ($bd7)
    Bus Power (mA): 500

    For Win partitions you can use EFS; it worked fine here, plus the same key can be used on both computers.

  4. eb Said:

    Are you sure of the USB2 requirement?

    What I read here: “http://www.securikey.com/pro/sys_req.html” mentions only USB (so I guess USB 1.1 is OK).

    One more problem… it doesn’t work with WinFS, so people need to buy new ones in 2050.
