Posted by:
admin
17 years, 1 month ago
WiKID got a nice review over at the Coffee Corner. I hope they do test the WiKID server on your home network. That is exactly the scenario we envisioned when we released the open source version. No reason why home users shouldn't be able to have strong authentication. I do want tot try to clarify some of the issues, if I understand them correctly:1. "It would be possible to capture and spoof the encrypted PIN transmission to the WiKID server." The PIN is sent to the WiKID server encrypted by the server's public key and a one-time use AES key. Capturing and spoofing the PIN in hopes of getting the OTP doesn't do you any good unless you also steal the one-time AES key and the user's private key.
2. "In a traditional scenario, not only is my PIN secret but my token is unique - somebody has to have my token in order to impersonate me. With WiKID, I can authenticate using anybody’s device client that has my server’s key." Not so. Each user has a unique public/private key pair with their WiKID token. The security of the system is not solely dependent on keeping the PIN safe.
I look forward to hearing about the install. I think we've done a pretty good job there keeping things simple, but it always helps to get feedback.
Share on Twitter Share on Facebook