It's a good idea to use strong authentication on connection (something
you {have, know, are}, pick any 2), and then use strong cryptographic
authentication on a per-packet basis.

While the attacks (other than denial of service, such as
spewing random garbage into a session) are somewhat unlikely, and
simply using encryption is ***Much*** better than not using it, a
crypto hash for authentication is cheap; it's unlikely to slow down any
connection a laptop makes.

The two-factor authentication protects you, assuming you tell
users to keep their cryptocard in their pocket, not their laptop bag.

Adam
Christian ALT wrote:
| With encryption between a remote user's laptop and the central site, do
| you think that authentication is still necessary? This is the point on
| which I would like to exchange some thoughts.
|
| I admit that the encryption keys are unique to any user.
|
| Authentication is still necessary to access the resources on the central
| site. But no more to access the site itself.
|
| In case that a laptop gets lost, the site can be compromised. This is a
| risk we can accept or refuse.
|
| Any comment on that thought would be appreciated.
|
|
| TIA
| CHA
|
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
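
An added example, not code from either poster: a sketch of the per-packet cryptographic authentication recommended in the reply above, showing a keyed hash rejecting garbage, modified and replayed packets. HMAC-SHA256, the 64-bit sequence number, and the names `seal` and `Receiver` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Prefix a 64-bit sequence number and append an HMAC over header + payload."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Checks each packet's tag; assumes strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def open(self, packet: bytes):
        """Return the payload, or None if the packet is not authentic."""
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # authentic but already seen: replay
            return None
        self.last_seq = seq
        return body[8:]


def demo():
    key = os.urandom(32)  # constructed key; stands in for one agreed at login
    rx = Receiver(key)
    good = seal(key, 0, b"ciphertext-0")  # payload would be the encrypted data
    tampered = bytearray(seal(key, 1, b"ciphertext-1"))
    tampered[10] ^= 0x01  # one flipped bit in transit
    return {
        "valid": rx.open(good),
        "replayed": rx.open(good),
        "tampered": rx.open(bytes(tampered)),
        "garbage": rx.open(os.urandom(60)),
        "next": rx.open(seal(key, 1, b"ciphertext-1")),
    }
```

The receiver only advances its sequence counter after the tag verifies, so rejected packets cannot push the session out of step.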