Dexter Filmore wrote: >> A usb stick is basically just a very long password that you have to keep >> written down somewhere. Stick your USB stick into an untrusted computer, >> and your key is compromised, just like a fixed password would be. > > If all that can be read is my public key?
But having only your public key on your USB stick does not prove who you are. You need your private key on there. > USB sticks - spread, can attach almost to any half way modern computer. > Smart card reader - about as common as BeOS. > I agree on your security thoughts, but what good is a key that doesn't fit > any > lock. I think maybe what we need is a smart card that presents itself to the host machine as a USB stick. It has a file that you write a challenge into which gets processed by a cpu which has access to your private key and a file which the host computer can then read the response out of. -- Tracy R Reed http://copilotconsulting.com 1-877-MY-COPILOT -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
