Cypak recently launched their new authentication devices LoginKey. I did a security review of it, and it uses a per-device AES-128 key to encrypt information. It emulates a USB keyboard, so it works fine under Windows, Linux and Mac OS X.
Base encoding
My document that describe base encoding (base64, base32 and base16) was published yesterday by the IETF. Unfortunately, the source code could not be included (the IAB said no to including the copyright notice in the code, which is required by the LGPL), but it is available from the home page anyway.
Update of Kerberos V5 over TLS draft
I finally took the time to update the Kerberos V5 over TLS document. After submitting the new -01 document, I had a look at the -00 version and it was published around two years ago, yikes.
Kerberos 5 Credential Cache file format
Reading MIT/Heimdal Kerberos V5 credential files seemed like a good first step towards making Shishi more usable. Users will be able to continue using their existing Kerberos V5 applications and libraries, but will be able to gradually move to Shishi. This has actually been on the todo-list for Shishi since day one. A few months ago, Michael B Allen wrote up a specification of the keytab file format (i.e., the file format used by /etc/krb5.keytab), and I implemented it in Shishi. Now, that file contains hostkeys, and is thus only useful for servers. To be able to read the end-user credential files would be more useful. I fired up M-x hexl-find-file RET on /tmp/krb5cc_1000, and with the help of Michael’s prior work, I came up with the following file format description and basic implementation.
Kerberos ccache file format writeup