On Tuesday 23 June 2009, Rob Scheepmaker wrote:
> On Tuesday 23 June 2009 19:42:55 Fabrizio Montesi wrote:
> > On Tue, Jun 23, 2009 at 7:05 PM, Rob Scheepmaker <r.scheepma...@student.utwente.nl> wrote:
> > > Hello everybody,
> > >
> > > [cut]
> >
> > Hi Rob,
> > just a quick comment about identifying remote machines. What about
> > combining public key authentication with the bluetooth pairing method
> > (the host writes a PIN, the client is asked for the PIN, the two PINs
> > must match)?
> > This way if the user is too lazy to check the public key we reduce
> > greatly the attacker's possibilities. Using this approach we'd have to
> > face the fact that a lazy user could write "1234" as a PIN, too: the host
> > side UI for writing the PIN should warn the user that things like "1234"
> > are not such a good idea.
>
> A quite good idea. So the first time we receive a new key we ask for a
> password at both sides which have to match. And if the key is already there
> then this step isn't necessary. I'll think about how to integrate this
> nicely with the api.

this only works, of course, when there's a human pairing the two devices that are within reach/sight. it must also be possible for one side of the transaction to be a machine hidden in a wall. :)

-- 
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43

KDE core developer sponsored by Qt Software
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel