OK, shall we savage another security solution?

Nicholas Bohm nbohm at ernest.net
Thu Sep 20 02:27:10 EDT 2007

Leichter, Jerry wrote:

> If you think about this in general terms, we're at the point where we
> can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
> in the borrowed box, except to the degree that they give us access to
> the screen and keyboard.  (The problem of securing connections that
> go through a hostile intermediary we know how to solve.)  The keyboard
> problem is intractable, though it would certainly be a step forward
> if at least security information didn't go through there.  This could
> be done either by having a small data entry mechanism on the secure
> device itself, or by using some kind of challenge/response (an LCD
> on the device supplies a random value - not readable in any way by
> the connected machine - that you combine with your password before
> typing it in.)  Maybe HDMI will actually have some use in providing
> a secure path to the screen?  (Unlikely, unfortunately.)

Would it not be possible to solve the keyboard problem by allowing a
keyboard (e.g. USB) to be plugged directly into the device?

Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list