LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

The coming Web security woes (News.com)

The coming Web security woes (News.com)

Posted Jul 12, 2005 9:29 UTC (Tue) by tgb (guest, #745)
In reply to: The coming Web security woes (News.com) by dlang
Parent article: The coming Web security woes (News.com)

don't think that something like a USB key holding your private cert will do the job, the bad guy can just snag a copy of the cert when it's accessed by the local system, you need a true smart card [...]

There have been devices available for several years which are the same dimensions as a USB flash memory device, but actually contain what amounts to a smartcard and reader rolled up into one. Aladdin make the eToken range, I think there was an Italian company called Eutronics who made something similar, but I can't find them right now.

Because these are the same technology as smartcards, there's no risk of "the bad guy [snagging] a copy of the cert when it's accessed by the local system", because the cert isn't accessed by the local system, all the work happens on-board the device.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds