[OpenAFS-devel] openafs - proposed cache security improvement
Jim Rees
rees@umich.edu
Sat, 31 Mar 2007 16:52:14 -0500
I didn't understand most of your message. But without tamper resistant
hardware, I don't see how you can protect the user key. If I store the key
in my iPod, can't someone just copy the key?
Tamper resistant hardware allows you to use a private key if you know the
PIN, but does not allow you to read the key. A couple of important
advantages are that a thief needs both the hardware and the PIN, and that
the theft is apparent because the physical device, not just the data
contained in it, must be stolen.