project idea: portable password safe
werner at almesberger.net
Sun Sep 8 12:56:29 EDT 2013
Paul Boddie wrote:
> If I had to guess what went on [in a smartcard-based e-banking
> access "calculator"]
Yes, I think that's how they work. The "calculator" is just a shell
that provides the user interface and power. You still need to trust
it, but only to the point that it won't leak the PIN.
> Instead, it's a situation where an "official" body signs
> everything on your behalf, ostensibly because you logged in to their service
> at some point and said you wanted to do something.
Is this actually how they do it ? I would think they merely provide
an electronic statement saying that user X has asked us to to Y,
certified by the respective authority that makes the statement.
Well, the difference may be more legal than technical in the end.
> Perhaps I should look around for
> similar gadgets to the one you propose.
It's always good to know what the competition is doing :)
More information about the discussion