Steven D'Aprano <steve+comp.lang.pyt...@pearwood.info> writes: >> Supply the client with tamper-proof hardware containing a private key. > > Is that resistant to man-in-the-middle attacks by somebody with a packet > sniffer watching the traffic between the device and the website?
Sure, why not? As long as the crypto is done properly, that is. But, there is also the matter of securing the path from the data to the hardware. I don't have the impression that the OP has really thought this through. -- http://mail.python.org/mailman/listinfo/python-list
