-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/03/2011 07:43 PM, sebastian nielsen wrote: > Marc Petit-Huguenin: How did you get one bought (cant find any buy > option, and It would be good if you could point me to a webstore that > sells those secure MicroSD cards) and how much do they cost?
Well, it's a PITA, as you cannot pay by credit card. I had mine bought by a German friend of a friend, who was traveling to the US. Anyway, here's the website: https://www.cardsolutions-shop.com/shop/gi-de/ > > Nikolay: In this case, the security is about singulary. The key should > be copy protected, but it does not need to be use-protected because I > want to be sure, that if I leave the phone on a table, go on toilet, > come back and take it back, I can be sure that nobody has access to my > key, even if they impersonated me in that little brief amount of time > that I was on toilet for example. > Having the key stored in "software" (eg software token or in standard > phone memory), the key is no longer secure, since if I leave my phone > out of sight even for a brief amount of time, its possible that > somebody just copied my key. > If I store the key in software, I would need to have 100 % of sight of > the phone all the times, else the key could be regarded as > "compromised". > > In other words, if I have the phone in my hand, I should be > *absolutely* confident in that nobody can authenticate as me. > > Another example, I lend my device to my friend for the purpose that my > friend can log in to my account for a brief time. When I then get the > device back from my friend, I want to be sure that my friend doesn't > have a copy of my private key and can log in as me, in case we stop > being friends and sabotage for me. > - -- Marc Petit-Huguenin Personal email: [email protected] Professional email: [email protected] Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk1wbLMACgkQ9RoMZyVa61d3TgCeKdEj8lZ9STX7GsDpkGeGG5EU W80AoJCYlMqSPIa57+MbkB0WUI00A1OX =LQxo -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
