Paul Boddie wrote: > https://www.bankid.no/Dette-er-BankID/BankID-in-English/This-is-how-BankID- > works/
Hmm, seems a little odd to have the keys both at the bank and in your device. But well, it's a possibility. If they leak somehow, this should be fun to figure out where that happened :) > http://ob-security.info/?p=631 Nice and simple ! There are interesting thoughts on more advanced challenge-response modes. He (?) also mentions that his device will see if other keyboards are changing *-lock modifiers. Yet another interesting HID feature I didn't know yet :-) It's interesting to see the first comment suggest use of a rotary encoder. After reading the article and even before noticing the comment, I did in fact go to my box of buttons and started to dig for these critters that I had bought a while ago: http://www.digikey.com/product-detail/en/EVQ-WKA001/P13381SCT-ND/822317 A design with the wheel below the PCB, a 7-segment LED and the rest of the electronics on top should allow shrinking the PCB from what looks like about 2 x 7 cm to little over 2 x 2 cm. A bit more elegant and with half the force, but larger, there would also be: http://www.digikey.com/product-detail/en/TSWA3NCB11LFS/CKN10342-ND/2627681 > https://www.thinkgeek.com/edm/20060222.shtml A bit more polished. I wonder at how much such a critter retails: Let's see how they compare to what I have in mind: Pass-Pal: + simplicity + adds interesting challenge-response modes - can't be used without USB, e.g., you need "a PC" either as the endpoint of the authentication dialog, or - in the case of a traditional password - at least to visualize the password. - needs easy access to PC's USB port - needs a trusted PC for setup Mandylion: + compact - limited to traditional passwords (no challenge-response) - no selection input from application - user sees passwords - password entry may be clumsy with just five buttons The Pass-Pal got me thinking, though. If we accept the concept of a trusted PC for setup, things get a LOT simpler. Almost watch-level simple ;-) Thanks, - Werner _______________________________________________ Qi Hardware Discussion List Mail to list (members only): [email protected] Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
