Wolfram Kahl wrote: > Could A Crypto-Computer in Your Pocket Replace All Passwords?
Nice idea, also the possibility to authenticate the entity requesting the password. (The real challenge is how to make this authentication stick in practice such that it's not vulnerable to man-in-the-middle attacks. You could rely on your browser's certificates, but ...) The Ben could also be a nice password safe. It's small, chaste by nature, and it would enjoy the security you get through relative obscurity. Passwords that are cryptic or long and thus hard to type could be sent over WPAN, to an atusb programmed to act as USB keyboard, with appropriate encryption between Ben and atusb. In my opinion, prerequisited to turn this into a properly mass-marketable solution would include the ability to simplify and customize the keyboard (e.g., while you may have use for certain function keys, a consumer device marketed as a password safe would not name them F1 through F8), to integrate the communication, and probably also to add some safeguards to the device itself to protect it against compromises once the safety of obscurity goes. This idea isn't new. It was about the first thing I though of it when I saw the Ben for the first time, and also other people have mentioned it from time to time. Alas, to really pull this off, we still need more design control than we currently have. That shouldn't stop anyone from writing a password safe for the Ben as a proof of concept, though. - Werner _______________________________________________ Qi Hardware Discussion List Mail to list (members only): [email protected] Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
