password safes for mac

Anne & Lynn Wheeler lynn at
Wed Jul 1 17:47:37 EDT 2009

On 07/01/2009 02:10 PM, Nicolas Williams wrote:
> I should add that a hardware token/smartcard, would be even better, but
> the same issue arises: keep it logged in, or prompt for the PIN every
> time it's needed?  If you keep it logged in then an attacker who
> compromises the system will get to use the token, which I bet in
> practice is only moderately less bad than compromising the keys
> outright.

Nominally, hardware token is "something you have" authentication. In many implementations,
business rules are added to the chip for stuff like business requirements for
multi-factor authentication (like in conjunction with PIN). The resulting
situation is business rule/environment specific.

In the late 90s, there was work on EU FINREAD standard for external trusted
card-acceptor device ... that had trusted pin-entry and trusted display. The
objective was countermeasure to lots of well known compromises of PCs (including
keylogger ... implying that compromised PC could operate an external hardware token,
even if PIN was required per transaction).

A lot of this evaporated in the early part of this decade in the wake  of with
various troubles associated with hardware tokens.

As an aside ... one of the things we did in the AADS patent portfolio was
to remove business rules from the hardware token ... as part of
enabling "person centric" operation (i.e. the same token might be
used for lots of different environments ... as opposed to having
hardware token for every unique business environment).

An AADS hardware token can support both single-factor as well as multi-factor
authentication operation ... but it is up to the business application interacting
with the hardware token to indicate the amount of authentication & integrity
(some assumption about "security proportional to risk" ... for instance,
whether or not PIN might be required for every operation, or at all).

40+yrs virtualization experience (since Jan68), online at home since Mar1970

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list