Bas Wijnen wrote: > That would also be possible, but it would be much less safe. The problem > is that the password is leaked over USB, and hardware sniffers are not > just a theoretical possibility.
The USB sniffer would work the same (if not better) with the keyboard you'd use in the absence of an encrypted channel. > Ideally, nobody uses passwords and > everything uses public key authentication. Ah, I'm thinking more of things like Web sites that ask for a password. Of course, this could easily encompass solutions that include a password on top of something else, e.g., the kind of challenge-response authentication with a "pocket calculator" better banks use. > Ben type them gives almost no security over typing them by hand, but it > does give the comfort of not having to type them. So it's not so much a > "safe", but more an "assistant". Which is useful as well. :-) Comfort removed an impediment to the use of longer and more cryptic passwords (harder to brute-force, if Eve gets her hands on the password hashes). Removing the screen-to-keyboard path also eliminates a number of attacks, including the good old peek over the shoulder, all sorts of keyboard monitoring, etc. Of course, in exchange you get the problem of securing the path between your Ben and your atusb, and also of making sure your atusb hasn't been tempered with. (Tamper-proofing the Ben would also be an issue, although separate from that of atusb.) > First I thought you wanted those sensors inside the NanoNote, which > would be a very weird way of controlling the device (which makes me > think of the wooden labyrinth with the rolling ball game on the iphone). Heh, only for wearers of the Pickpocket's Ring of Dexterity (+20) :-) > I don't like the need for batteries that this would imply. For the rest, > it would be cool. :-) Maybe you could make it use something the size of the Ben's Li-Ion battery. Still not perfect, but at least you'd be able to avoid primary cells and you'd have a common form factor. Of course, first you'd have to determine if you really want to avoid primary cells. If power consumption is low enough, maybe they're actually just as good as rechargable batteries. But I wouldn't expect power consumption to be low enough to make that a very popular choice. - Werner _______________________________________________ Qi Hardware Discussion List Mail to list (members only): [email protected] Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
