From: "Minow, Martin" <[EMAIL PROTECTED]>
Jim Choate writes:
> Bull, the hardware companies aren't any more trustworthy.
I've been recommending the Dallas Semiconductor "iButton"
<http://www.ibutton.com> for secure storage. The Java version
also lets you implement your own on-chip algorithms so you
can implement time- and usage-limited encryption. The chip
has an on-board 1024 bit RSA engine and other useful features.
Also, the Dallas folk put a lot of effort into making the
iButton secure against a variety of physical attacks, including
power analysis, probing, and physical dissassembly (all code
is on battery backed-up SRAM). The iButton is FIPS-140 certified.
On the other hand, there is no way for a customer without
access to "national resources" to determine whether there is an
undocumented way around their protection mechanisms (such as
a hard-wired master password). About all you can say is that,
if a back-door was discovered, the company would lose all
credibilty.
Is this good enough for all but the most paranoid?
Martin Minow
[EMAIL PROTECTED]
