The WiKID Blog

Viewing posts from January, 2009

Aren’t wireless networks and devices inherently insecure?

Posted by: root 16 years, 2 months ago

Yes. That is why we asymmetrically encrypt all the transmissions. Each communication between the device and server is atomic as well, increasing security.

Why did you release an open source version?

Posted by: root 16 years, 2 months ago

We want people to use our software.

We benefit from feedback from users whether they pay or not.

We want to partner, not just with proprietary software developers, but also open source projects and other 'dual source' companies.

We hope that evaluators will actually look at the code for weaknesses and help us make the product better. It ain't fixed until you've broken it.

We use open source software everyday and wanted to give something back.

How scalable is the WiKID server?

Posted by: root 16 years, 2 months ago

Very. We have tested the WiKID server running on a low-end 1.4 ghz server with 256 meg of ram and IDE drive and have documented 50 transactions per second. The WiKID Server is a software appliance available as an ISO or a VMWare image that you put on your hardware platform of choice, so the scalability will depend on the hardware you choose.

What do I do when my wireless device is out of network coverage and I want to login with my WiKID credentials?

Posted by: root 16 years, 2 months ago

The WiKID System falls back to a challenge-response mechanism, which is part of the Radius standard. After the user enters their PIN, if the device is out of wireless network coverage, the WiKID Two-factor Client will prompt the user for a Challenge.

If the user is logging in to a VPN service, for example, the user enters their username, but leaves the passcode box empty. The VPN service responds with the Challenge, which the user enters into the WiKID client.

The challenge is encrypted with the user’s PIN and an offline-challenge secret and presented to the user Base-62 encoded (to keep the length manageable). The user enters this response for a passcode. The VPN service sends the Username, the Challenge and the Response to the WiKID server. If the WiKID Server can decrypt the Response can get the Challenge, the user is granted access.

How can a software token be as secure as a hardware token?

Posted by: root 16 years, 2 months ago

Simple, really.

There are two factors: possession of the private key and knowledge of the PIN. The private key is stored on the client. Our PC client, for example, this key is in a password-protected PKS12 encrypted file. If someone steals this file and brute-force attacks it and gets the passcode, they are only half-way there.

They still need the PIN. The PIN is stored encrypted on the WiKID server. Losing the private key is the equivalent of losing a hardware token. You're only half-way there.

Typical software tokens store the PIN, the secret and the algorythm all in the client. Clearly this is not the way to do it.

• Page 84 of 86
• ←
• 72
• 73
• 74
• 75
• 76
• 77
• 78
• 79
• 80
• 81
• 82
• 83
• 84
• 85
• 86
• →