[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ArcotSign

To: [email protected]
Subject: Re: ArcotSign
From: Lucky Green <[email protected]>
Date: Tue, 22 Sep 1998 21:36:31 +0200 (CEST)
cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Tue, 22 Sep 1998, Anonymous wrote:
[On Arcot's virtual smartcard claims] 
> The analogy with smart cards is that these cards protect your private key.
> With a perfect smart card, an attacker can't do any better than chance
> guessing of your private key.  With the Arcot system, the same is true.
> Decrypting the private key file gives no information about its content,
> because pure random data is encrypted.  Therefore with their system the
> attacker also can't do better than chance guessing.

With Arcot's system, an attacker could determine the key *software only,
most likely even by remote*.

Extracting keys from a smartcard requires *hardware and physical possesion
of the token*.

Which touches at the very core of the difference between
tokens and software based solutions. The claims made on the vendor's
homepage are simply false. There is no other way of putting it.

-- Lucky Green <[email protected]> PGP v5 encrypted email preferred.

References:
- Re: ArcotSign
  - From: Anonymous <[email protected]>

Prev by Date: Re: Stego-empty hard drives... (fwd)
Next by Date: Fwd: RE: HOAX: I don't care if this is real or not! But forwarding is not hard for me if I help
Prev by thread: Re: ArcotSign
Next by thread: RE: ArcotSign
Index(es):
- Date
- Thread