[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hardware generators was: your mail
-----BEGIN PGP SIGNED MESSAGE-----
In list.cypherpunks, [email protected] writes:
> Understood, but its not a matter of addressing 90% or the
> other 10%, its a matter of "Is the security gain in building a card
> that only hands out each number once worth cutting out 10% of the
> market?" I think that if you are worried about rouge code on your
> machine, you aren't going to run on a computer that can't protect its
> memory from random browsing. (I can still access all of a PC's memory
> from normal code, can't I?) Thus, building a PC card doesn't really
> afford you a gain in security if I can use my hostile code to read
> PGP's memory locations. If you agree with that, then there is no good
> reason not to build a serial port dongle, and include me in your
> potential customers. :)
The card design isn't so much security as avoiding scarce real estate on
a PC (which, at somewhere over 130 million units fielded, is a not
inconsiderable market segment). If this were a dongle device, I'd want
it on a parallel port. Many machines don't have a spare serial port,
and transparent dongles would be harder to do there, anyway. But
transparent parallel port dongle technology is already established.
- --
Roy M. Silvernail | #include <stdio.h> | PGP 2.3 public
[email protected] | main(){ | key available
| int x=486; | upon request
| printf("Just my '%d.\n",x);} | (send yours)
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBLgRkdhvikii9febJAQFLeAQAitqR4viAo/o/zxVzV/ixxvDZiTtO8R3u
FrxtuNWHAnxoNivuGOJ0zkyYEGOeMFuw2s8ZFKhpGdJwLn2zFl/m9C6H7WKbjaJv
gtMAjEr1QFvmhm5KUSB9aARIWHn2kvwyqCZae829y29jH9jiNxRgIxnaezbPd5gA
xNVImYKQZOo=
=Hz6T
-----END PGP SIGNATURE-----