On Wed July 15 2009, Steffen DETTMER wrote: > * Michael S. Zick wrote on Wed, Jul 15, 2009 at 07:38 -0500: > > You can approximate that by grabbing the processor's silicon > > serial number plus grab the USB stick's silicon serial number > > plus a user input (partial) passphrase. > > I assume a good virtualisation (maybe some patched VMWare or > alike) allows to easily bypass this. > > Also, the OP wrote: > > `what if the agent takes the network card out and plug into his home PC' > > so here we need to raise the question if the agent takes out the CPU > and plug into his home PC. > > > I.E: The files can't be copied to a different USB device (and still work); > > The USB device must be installed on the same computer; > > The user must provide the "secret" part of the passphrase. > > I don't have information how this is implemented, but I doubt > that it cannot be attacked by virtualization and debuggers... > (in other words, I'm afraid that this and several other proposals > are `security through obscurity' only). >
Ah, the overpowering drive to be "right" Regardless of how much context you must cut from the post be "right" <quote> Not as good as a device engineered to secure information, but "hard" enough to be safe from compromise by the casual user. </quote> Or maybe your finger was reaching for the "reply" key before your eyes got to that qualification. Ah, the urge to be "right" at any cost. Mike > oki, > > Steffen > > > > > > > > > > > > > > > > > > > > > > > > > > > --[ end of message ]---------------------------------------------->8======= > > > > About Ingenico: Ingenico is the world’s leading provider of payment > solutions, with over 15 million terminals deployed across the globe. > Delivering the very latest secure electronic payment technologies, > transaction management and the widest range of value added services, Ingenico > is shaping the future direction of the payment solutions market. Leveraging > on its global presence and local expertise, Ingenico is reinforcing its > leadership by taking banks and businesses beyond payment through offering > comprehensive solutions, a true source of differentiation and new revenues > streams. > This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose or take any action based on this message or any > information herein. If you have received this message in error, please advise > the sender immediately by reply e-mail and delete this message. Thank you for > your cooperation. > P Please consider the environment before printing this e-mail > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
