[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
Joerg Bornschein
joerg@zilium.de
Thu, 22 Mar 2001 17:27:22 +0100
On Thu, Mar 22, 2001 at 03:08:08PM +0100, wojtek@ifirma.pl wrote:
Hi,
> There is no software-only solution to this problem. Two factor
> authorization is required i.e. a USB token and password. There are tokens
> currently under development, where your private key never leaves the token.
> This takes security two steps ahead.
This is true, but you still have to trust large parts of the system to which
you present your token. And you have to trust your (local) user interface
to do the operations you requested.
Note that you might be using trojaned software without noticing it.
joerg
--
The known is finite; the unknown infinite. Intellectually we stand on
an islet in the midst of an illimitable ocean of inexplicability. Our
business in every generation is to reclaim a little more land..
--T.H. Huxley