People lose their phones, wallets, and keys all the time, and these are things that they constantly use and check for. What chance does a "little device the government gave me that I don't use very often" have?
Making the device something that is used often is actually a good way around that problem. It's a bit like house keys. It's not so much that you can't leave without them, but it's a bit hard to return, so you tend not to leave without them...
I'm strongly partial to a worn form-factor. A near-field-chip ring, essentially a modern signet ring, which interacts with various authentication systems, strikes me as attractive.
I've written here on HN before that it should be a device that is issued that has the private key, but that private key is also hashed with a pin and some piece of biometric data. The pin itself would be changeable (forced every 90 days, at will anytime). The device would have a keypad.
You would go down to some place (govt office) to get the device (card?). They would take the device, pop it in a reader/writer, and the device would ask you for a key and your biometric data (maybe a fingerprint?). The device would have on it a keypad and fingerprint reader (or whatever). Once you typed in your pin and scanned your fingerprint, it would generate a private key, hash all three together and store it in the card. This key would be "permanent" to the card (if you lose the card, you have to get another). The key wouldn't be saved anywhere (not in a govt database, etc). And it couldn't be retrieved from the card.
To prove your identity, you would slot the card into a reader, swipe your fingerprint, type in your pin. If your pin and fingerprint plus key on card hashed matches the stored hash - then you are identified and the card outputs a "true" value to the reader. Otherwise, it outputs a "false" value indicating no match.
Multi-factor auth - something you have (the card), something you know (the pin), something you are (the fingerprint/biometric).
That's the basic gist or blueprint - essentially an ID card that can't have its id read (not easily at least - I imagine that you could read it with proper decapping and electron microscopy), with a built-in keypad and biometric read sensor in one unit. Anywhere you need to do a transaction to prove yourself, you need to use a reader (even online - so as a part of you getting your card, you would get a reader too).
There's probably a ton in the scheme that I am missing or have wrong, but I think the basic idea is there, and I think it is possible to do with today's technology. The idea is that just having the card alone isn't enough. Just having the id number/key isn't enough. You need all three pieces for it to work.
It isn't "rubber hose" proof - but then again, not much is or can be.
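The enrol/verify flow described in the comment above, as an added example that is not code from the thread. It assumes the sensor yields identical template bytes on every scan, uses HMAC-SHA-256 as the "hash all three together" step, and adds a retry limit; the names `Card`, `bind_factors` and `MAX_TRIES` are hypothetical.

```python
import hashlib
import hmac
import secrets


def bind_factors(key, pin, template):
    # Length-prefix each field so ("12", b"3x") and ("123", b"x") hash differently.
    fields = (pin.encode(), template)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    MAX_TRIES = 3  # assumption: a retry limit is not part of the comment

    def __init__(self):
        self._key = self._digest = None
        self._tries_left = self.MAX_TRIES

    def enroll(self, pin, template):
        if self._key is not None:
            raise RuntimeError("key is permanent to the card")
        self._key = secrets.token_bytes(32)  # generated on-card, no export method
        self._digest = bind_factors(self._key, pin, template)

    def verify(self, pin, template):
        if self._digest is None or self._tries_left == 0:
            return False
        candidate = bind_factors(self._key, pin, template)
        ok = hmac.compare_digest(candidate, self._digest)  # constant-time compare
        self._tries_left = self.MAX_TRIES if ok else self._tries_left - 1
        return ok  # the reader only ever sees this boolean

    def change_pin(self, old_pin, new_pin, template):
        # The stored digest can only be rebuilt with all three factors present.
        if not self.verify(old_pin, template):
            return False
        self._digest = bind_factors(self._key, new_pin, template)
        return True


def demo():
    finger = b"constructed-template-0001"  # constructed sample value
    card = Card()
    card.enroll("4821", finger)
    out = [card.verify("4821", finger), card.verify("0000", finger)]
    out.append(card.verify("4821", b"constructed-template-9999"))
    out.append(card.change_pin("4821", "7390", finger))
    return out + [card.verify("4821", finger), card.verify("7390", finger)]
```

Because the stored digest covers the PIN, a PIN change needs the card, the old PIN and the fingerprint together, and the old PIN stops verifying as soon as the digest is rebuilt.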
> The pin itself would be changeable (forced every 90 days, at will anytime)
You have now destroyed any security this device has, as no one wants to create a brand-new PIN every 90 days, no matter how much or little entropy it has.
Changing passwords on a regular basis as a security best practice has been debunked for years now. Even NIST is (finally) on board, saying that forced regular password changes should not be used in an attempt to increase security.
Your password/PIN should be changed iff there is reason to believe it has been compromised.