[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hardware generators was: your mail



-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, [email protected] writes:

>         Understood, but its not a matter of addressing 90% or the
> other 10%, its a matter of "Is the security gain in building a card
> that only hands out each number once worth cutting out 10% of the
> market?"  I think that if you are worried about rouge code on your
> machine, you aren't going to run on  a computer that can't protect its
> memory from random browsing.  (I can still access all of a PC's memory
> from normal code, can't I?)  Thus, building a PC card doesn't really
> afford you a gain in security if I can use my hostile code to read
> PGP's memory locations.  If you agree with that, then there is no good
> reason not to build a serial port dongle, and include me in your
> potential customers. :)

The card design isn't so much security as avoiding scarce real estate on
a PC (which, at somewhere over 130 million units fielded, is a not
inconsiderable market segment).  If this were a dongle device, I'd want
it on a parallel port.  Many machines don't have a spare serial port,
and transparent dongles would be harder to do there, anyway.  But
transparent parallel port dongle technology is already established.
- -- 
    Roy M. Silvernail       |  #include <stdio.h>            | PGP 2.3 public
[email protected]   |  main(){                       | key available
                            |  int x=486;                    | upon request
                            |  printf("Just my '%d.\n",x);}  | (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLgRkdhvikii9febJAQFLeAQAitqR4viAo/o/zxVzV/ixxvDZiTtO8R3u
FrxtuNWHAnxoNivuGOJ0zkyYEGOeMFuw2s8ZFKhpGdJwLn2zFl/m9C6H7WKbjaJv
gtMAjEr1QFvmhm5KUSB9aARIWHn2kvwyqCZae829y29jH9jiNxRgIxnaezbPd5gA
xNVImYKQZOo=
=Hz6T
-----END PGP SIGNATURE-----