[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security

kragen@pobox.com
Sat, 31 Mar 2001 06:08:06 -0500 (EST)


trey@treysoft.com writes:
> If your Jr. Spaceman's Decoder Ring does all of the encrypting, the attacker
> can't hope for much more than garbage data, no?  (I realize this makes all
> sorts of assumptions about initial trust relationships, etc.)

And all of the decrypting, too, right?  How does it decide what to
decrypt?  Does the user tell it, or does the big computer with the
encrypted data tell it?  And what does it do with the decrypted data?
Give it to the user (how? vibrate in Morse Code?), or give it back to
the big computer for further processing?  If the compromised computer
is in a position to use the iButton to decrypt things and get back the
results, it can send it to the attacker over the network or save it on
disk for later perusal.