-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, adam@bwh.harvard.edu writes:
Understood, but its not a matter of addressing 90% or the other 10%, its a matter of "Is the security gain in building a card that only hands out each number once worth cutting out 10% of the market?" I think that if you are worried about rouge code on your machine, you aren't going to run on a computer that can't protect its memory from random browsing. (I can still access all of a PC's memory from normal code, can't I?) Thus, building a PC card doesn't really afford you a gain in security if I can use my hostile code to read PGP's memory locations. If you agree with that, then there is no good reason not to build a serial port dongle, and include me in your potential customers. :)
The card design isn't so much security as avoiding scarce real estate on a PC (which, at somewhere over 130 million units fielded, is a not inconsiderable market segment). If this were a dongle device, I'd want it on a parallel port. Many machines don't have a spare serial port, and transparent dongles would be harder to do there, anyway. But transparent parallel port dongle technology is already established. - -- Roy M. Silvernail | #include <stdio.h> | PGP 2.3 public roy@sendai.cybrspc.mn.org | main(){ | key available | int x=486; | upon request | printf("Just my '%d.\n",x);} | (send yours) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLgRkdhvikii9febJAQFLeAQAitqR4viAo/o/zxVzV/ixxvDZiTtO8R3u FrxtuNWHAnxoNivuGOJ0zkyYEGOeMFuw2s8ZFKhpGdJwLn2zFl/m9C6H7WKbjaJv gtMAjEr1QFvmhm5KUSB9aARIWHn2kvwyqCZae829y29jH9jiNxRgIxnaezbPd5gA xNVImYKQZOo= =Hz6T -----END PGP SIGNATURE-----