* Michael S. Zick wrote on Wed, Jul 15, 2009 at 07:38 -0500: > You can approximate that by grabbing the processor's silicon > serial number plus grab the USB stick's silicon serial number > plus a user input (partial) passphrase.
I assume a good virtualisation (maybe some patched VMWare or alike) allows to easily bypass this. Also, the OP wrote: `what if the agent takes the network card out and plug into his home PC' so here we need to raise the question if the agent takes out the CPU and plug into his home PC. > I.E: The files can't be copied to a different USB device (and still work); > The USB device must be installed on the same computer; > The user must provide the "secret" part of the passphrase. I don't have information how this is implemented, but I doubt that it cannot be attacked by virtualization and debuggers... (in other words, I'm afraid that this and several other proposals are `security through obscurity' only). oki, Steffen --[ end of message ]---------------------------------------------->8======= About Ingenico: Ingenico is the world’s leading provider of payment solutions, with over 15 million terminals deployed across the globe. Delivering the very latest secure electronic payment technologies, transaction management and the widest range of value added services, Ingenico is shaping the future direction of the payment solutions market. Leveraging on its global presence and local expertise, Ingenico is reinforcing its leadership by taking banks and businesses beyond payment through offering comprehensive solutions, a true source of differentiation and new revenues streams. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
