At 12:01 PM +1200 5/10/07, Robin Sheat wrote:
> On Wednesday 09 May 2007 02:11:05 ljknews wrote:
>> I would suggest two factor authentication, requiring some smart card
>> (with built-in keypad, to prevent intercept of the pin) that actually
>> provides the decryption. Make the user keep the smart card with them,
>> such as by requiring it for entrance to the cafeteria or rest room.
>
> That's not possible in this case. Mostly because it would involve more
> investment on our part than the customers would be willing to pay for.
>
> However, I'm interested in generalising the ideas in this thread to go beyond
> my particular situation; "if you were storing data in an application on a
> laptop, how would you keep it as safe as is feasible?"

The tension between "as safe as is feasible" and "not willing to pay for"
is not susceptible to generalization.
--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________