[144549] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Jul 1 17:29:14 2009
Date: Wed, 1 Jul 2009 13:10:35 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Adam Shostack <adam@homeport.org>, Jacob Appelbaum <jacob@appelbaum.net>,
Ivan Krsti?? <krstic@solarsail.hcs.harvard.edu>,
cryptography@metzdowd.com
In-Reply-To: <20090701180605.GK15302@Sun.COM>
I should add that a hardware token/smartcard, would be even better, but
the same issue arises: keep it logged in, or prompt for the PIN every
time it's needed? If you keep it logged in then an attacker who
compromises the system will get to use the token, which I bet in
practice is only moderately less bad than compromising the keys
outright.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
