On 2011-07-13 9:25 AM, Marsh Ray wrote:
> Everyone here knows about the inherent security-functionality tradeoff.
> I think it's such a law of nature that any control must present at least
> some cost to the legitimate user in order to provide any effective
> security.

Extremely low cost security is feasible - indeed high cost security is
insecure, since users can be socially engineered to bypass it.
See for example "not one click for security"
http://www.google.com.au/search?q=%22not+one+click+for+security%22
Not one click for security is achievable, but a little ambitious. One
click security is, however, reasonable and readily achievable.
There is nothing inherently difficult about one click security - what is
difficult is interfacing one click security with existing insecure
protocols.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography