OK, shall we savage another security solution?
Nicholas Bohm
nbohm at ernest.net
Thu Sep 20 02:27:10 EDT 2007
Leichter, Jerry wrote:
...
> If you think about this in general terms, we're at the point where we
> can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
> in the borrowed box, except to the degree that they give us access to
> the screen and keyboard. (The problem of securing connections that
> go through a hostile intermediary we know how to solve.) The keyboard
> problem is intractable, though it would certainly be a step forward
> if at least security information didn't go through there. This could
> be done either by having a small data entry mechanism on the secure
> device itself, or by using some kind of challenge/response (an LCD
> on the device supplies a random value - not readable in any way by
> the connected machine - that you combine with your password before
> typing it in.) Maybe HDMI will actually have some use in providing
> a secure path to the screen? (Unlikely, unfortunately.)
Would it not be possible to solve the keyboard problem by allowing a
keyboard (e.g. USB) to be plugged directly into the device?
Nicholas
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list