From: Mok-Kong Shen on
Ivan Voras wrote:
[snip]
> (of course, all other attacks of the "attach a debugger to the
> application" sort cannot be defended against in this way)

A presumably extremely dumb question: Suppose there is a trojan on one's
computer, would entering a password online be any bit better than
having the password permanently stored?

M. K. Shen
From: unruh on
On 2010-05-17, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> Ivan Voras wrote:
> [snip]
>> (of course, all other attacks of the "attach a debugger to the
>> application" sort cannot be defended against in this way)
>
> A presumably extremely dumb question: Suppose there is a trojan on one's
> computer, would entering a password online be any bit better than
> having the password permanently stored?

No, a trojan running with root privileges (or yours) can read the
passwords, both online and in your "encrypted" wallet.

>
> M. K. Shen
From: Jonathan Lee on
On May 17, 2:11 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Suppose there is a trojan on one's computer, would entering a
> password online be any bit better than
> having the password permanently stored?

I'm sure any number of examples of equally bad security can be
made. For example, suppose you had a key logger installed on
your USB port, etc.

Nevertheless, there seems to be some qualitative difference. One
is seen as a misfortune (i.e., having a trojan); the other a matter of
convenience. I would guess that most personal computers have
some version of the latter happening (between email clients, web
browsers, wallets, password managers, etc.)

Speaking for myself, then, the original question was about how
storage could be done responsibly. Perhaps this can't be done
"responsibly" at all (I suppose this is what you're getting at).
Still, it's a feature people want, so I thought I'd ask before writing a
completely uninformed implementation.

--Jonathan
From: Mok-Kong Shen on
Jonathan Lee wrote:

> I'm sure any number of examples of equally bad security can be
> made. For example, suppose you had a key logger installed on
> your USB port, etc.
[snip]

The internet security of one's computer is indeed very hard to
be ensured for most people, excepting experts, I believe. I like
to tell the following personal story: A long time ago I bought
a computer with a pre-installed antivirus program. On starting
up, I was asked to register. I didn't register. A few months
later I got an email from the producer. I couldn't explain how
that happened.

M. K. Shen


From: Kulin Remailer on
> No, a trojan running with root privileges (or yours) can read the
> passwords, both online and in your "encrypted" wallet.

Didn't your mama teach you to always keep some Trojans in your wallet?

