
Re: ArcotSign (was Re: Does security depend on hardware?)




On Sun, Sep 20, 1998 at 06:45:06PM +0200, Lucky Green wrote:
| On Sat, 19 Sep 1998, Ryan Lackey wrote:
| 
| > 
| > [from a discussion of tamper-resistant hardware for payment systems
| > on [email protected], a mailing list dedicated to digital bearer systems,

| o ArcotSignTM technology is a breakthrough that offers smart card tamper
| resistance in software. Arcot is unique in this regard, and WebFort is the
| only software-only web access control solution on the market that offers
| smart card security, with software convenience and cost. [We have now
| entered deep snake oil territory. Claims that software affords tamper
| resistance comparable to hardware tokens are either based in dishonesty or 
| levels of incompetence in league with "just as secure pseudo-onetime
| pads"].
| 
| In summary, based on the technical information provided by Arcot System,
| the product is a software based authentication system using software based
| client certificates.

	I have no knowledge of Arcot's systems and can't comment on
them.  However, there are ways to make software hard to disassemble
and/or tamper with.  Given that Arcot is probably going to attack
smartcards as being easily attacked, 'smartcard level' security is not 
that high a target, the claim may not be so outlandish.

	Be interesting to see how fast the code is.  If they're
embedding certs in complex code that needs to run to sign, then theft
of the cert may be difficult.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume