Crypto dongles to secure online transactions

John Levine johnl at
Tue Nov 17 20:40:28 EST 2009

>> In this case, heck, no.  The whole point of this thing is that it is
>> NOT remotely programmable to keep malware out.
>Which is perhaps why it is not a good idea to embed an SSL engine in such
>a device.

Agreed.  A display and signing engine would be quite adequate.

>Such a device does however need to be able to suppor multiple mutually
>distrusting verifiers, thus the destination public key is managed by
>the untrusted PC + browser, only the device signing key is inside
>the trust boundary. A user should be able to enroll the same device
>with another "bank", ...

If you really need the ability to do that, I'd think it would be
better to make an expandable version into which you could plug each
bank's chip+pin cards, not try to invent a super-protocol for
downloading a bank's preferred keys.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list