OK, shall we savage another security solution?

Leichter, Jerry leichter_jerrold at emc.com
Thu Sep 20 12:59:56 EDT 2007

| > If you think about this in general terms, we're at the point where we
| > can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
| > in the borrowed box, except to the degree that they give us access to
| > the screen and keyboard.  (The problem of securing connections that
| > go through a hostile intermediary we know how to solve.)  The keyboard
| > problem is intractable, though it would certainly be a step forward
| > if at least security information didn't go through there.  This could
| > be done either by having a small data entry mechanism on the secure
| > device itself, or by using some kind of challenge/response (an LCD
| > on the device supplies a random value - not readable in any way by
| > the connected machine - that you combine with your password before
| > typing it in.)  Maybe HDMI will actually have some use in providing
| > a secure path to the screen?  (Unlikely, unfortunately.)
| Would it not be possible to solve the keyboard problem by allowing a
| keyboard (e.g. USB) to be plugged directly into the device?
Perhaps.  Public systems usually don't have "unpluggable" keyboards.
If I have to carry my own, I'm well on my way to just having my
own portable system (which may be the way things end up anyway).

							-- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list