Rich Salz <[EMAIL PROTECTED]> writes:

>Second, if the key's in hardware you *know* it's been stolen. You don't know
>that for software.

Only for some definitions of "stolen". A key held in a smart card that does absolutely everything the untrusted PC it's connected to tells it to is only marginally more secure than a key held in software on said PC, even though you can only steal one of the two without physical access. To put it another way, a lot of the time you don't need to actually steal a key to cause damage - it doesn't matter whether a fraudulent withdrawal is signed on my PC with a stolen key or on your PC with a smart card controlled by a trojan horse, all that matters is that the transaction is signed somewhere.

Peter.