>You propose to put a key into a physical device and give it >to the public, and expect that they will never recover >the key from it?
It's been on the market for six years now; so far, the foundation has held up. (We also were darn careful about the design and evaluation; we ended up earning the first FIPS 140-1 Level 4 cert, but went beyond it in several respects.) But there are numerous war stories and drawbacks---which is why I find the new generation of initiatives interesting. (Particularly since I don't have to build products anymore! :) > Seems unwise As does the alternative proposition that one should NEVER, under any circumstances, have sensitive data or computation on a remote machine. --Sean -- Sean W. Smith, Ph.D. [EMAIL PROTECTED] http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]