Crypto dongles to secure online transactions

Jeremy Stanley fungi at
Mon Nov 16 12:30:44 EST 2009

On Wed, Nov 11, 2009 at 09:42:21PM -0500, Jerry Leichter wrote:
> If one organization distributes the dongles, they could accept
> only updates signed by that organization. We have pretty good
> methods for keeping private keys secret at the enterprise level,
> so the risks should be manageable.

But even then, poor planning for things like key size (a la the
recent Texas Instruments signing key brute-forcing) are going to be
an issue.
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi at; IRC(fungi at; ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi at;
MUD(fungi at; WWW(; }

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list