[ Thanks to Christopher Pallack for this
link. ]
“In this feature, David Corcoran, founder of the Linux
SmartCard Project, describes Unix passwords, their insecurities,
RSA, and using RSA PAM authentication and possible
attacks.”
“Authentication is usually done by providing a login name and a
password, which the system shares secretly with the user. This
guarantees that the person attempting to authenticate knows the
login and the password but this does not mean that the person is
who the system believes it is.”
“Public key cryptography has been in practice for many years to
help protect information for a particular user or group. Like the
name implies there is a public and a private component to this
method. Two keys are generated that have a unique mathematical
relationship with each other. One key is given to the public
(public key) and the other key is held by the user (private key).
One key can encrypt a particular text and the other must be used to
decrypt it. In most cases, a user who wants to deliver a document
to a recipient takes the public key. The user chooses the
recipient’s public key and encrypts the document and proceeds to
transmit the encrypted document to the recipient. The recipient
then uses their private key to decrypt the encrypted document and
the transmission was performed successfully.”