[145076] in cryptography@c2.net mail archive
Re: Crypto dongles to secure online transactions
daemon@ATHENA.MIT.EDU (Jeremy Stanley)
Mon Nov 16 13:09:38 2009
Date: Mon, 16 Nov 2009 17:30:44 +0000
From: Jeremy Stanley <fungi@yuggoth.org>
To: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: <E516F0CA-86B8-4409-A3EB-774B7E1E2DEE@lrw.com>
On Wed, Nov 11, 2009 at 09:42:21PM -0500, Jerry Leichter wrote:
[...]
> If one organization distributes the dongles, they could accept
> only updates signed by that organization. We have pretty good
> methods for keeping private keys secret at the enterprise level,
> so the risks should be manageable.
But even then, poor planning for things like key size (a la the
recent Texas Instruments signing key brute-forcing) is going to be
an issue.
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }