project idea: portable password safe

Werner Almesberger werner at
Sun Sep 8 12:56:29 EDT 2013

Paul Boddie wrote:
> If I had to guess what went on [in a smartcard-based e-banking
> access "calculator"]

Yes, I think that's how they work. The "calculator" is just a shell
that provides the user interface and power. You still need to trust
it, but only to the point that it won't leak the PIN.

> Instead, it's a situation where an "official" body signs 
> everything on your behalf, ostensibly because you logged in to their service 
> at some point and said you wanted to do something.

Is this actually how they do it ? I would think they merely provide
an electronic statement saying that user X has asked us to to Y,
certified by the respective authority that makes the statement.

Well, the difference may be more legal than technical in the end.

> Perhaps I should look around for 
> similar gadgets to the one you propose.

It's always good to know what the competition is doing :)

- Werner

More information about the discussion mailing list