[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
Joerg Bornschein
joerg@zilium.de
Thu, 22 Mar 2001 18:11:09 +0100
On Thu, Mar 22, 2001 at 10:42:44AM -0600, trey@treysoft.com wrote:
Hello,
> > This is true, but you still have to trust large ports of the system to which
> > you present your token. And you have to trust your (local) userinterface
> > to do the operations you requested.
> >
> > Note that you might be using trojaned software without noticing it.
> >
> If your Jr. Spaceman's Decoder Ring does all of the encrypting, the attacker
> can't hope for much more than garbage data, no? (I realize this makes all
> sorts of assumptions about initial trust relationships, etc.)
I agree, authentication with hardware token you trust not to leek information
is a big step ahead.
But you're still lost, if your ssh client, graphics/keyboadr/mouse driver or
anything else in your I/O path inserts commands you did not intend to.
Or the "login screen", which requests you to insert your token, is not
systems one.
These things happen...
joerg
--
The known is finite; the unknown infinite. Intellectually we stand on
an islet in the midst of an illimitable ocean of inexplicability. Our
business in every generation is to reclaim a little more land..
--T.H. Huxley