RE: PGP flaw found by Czech firm allows dig sig to be forged
Okay. What was PGP's threat model again? I'd have sworn that this was squarely outside it.
As far as I can tell, *NOBODY* offers security tools that offer real protection in the event your opponent has physical access to the machine.
BO, trojans, HTTP tunnelling and similar are really not rocket science these days. 99% of sheeple machines are vulnerable. This is a perfectly valid and real attack. Not on my machines and probably not on yours - that does not make any difference.

This is just another data point supporting secure devices insulated from microshit OS, Java and Wintels in general. Running PGP in an environment where attachment execution and/or Java and/or ActiveX are tolerated does not make any sense.

And *THERE ARE* tools that offer real protection. Look up iButtons running RSA and holding the secret key. If it's not sold in Walmart that doesn't mean it doesn't exist.
* Morlock Elloi wrote:
BO, trojans, HTTP tunnelling and similar are really not rocket science these days. 99% of sheeple machines are vulnerable. This is a perfectly valid and real attack. Not on my machines and probably not on yours - that does not make any difference.
Exactly. Furthermore, overclocked customer machines make it just more likely to attack a PGP key using fault analysis ("Bellcore attack" in German smartcard hacking lingo). So urge the implementors to protect against computing errors as well. IMNSHO the PGP paradigm of expecting locally written data to be unmodified on later read was attacked. Phil cannot be sued for this paradigm because he developed for DOS. PGP Inc might be suable because they extended the model to other OSes. I can be sued because I forgot it as well while adapting the source to PKI needs. PGP 2.6.3(i)n has the necessary fixes.
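The "Bellcore attack" named above, worked through as an added example (not code from this thread or from any PGP release): a single computing error in one half of an RSA-CRT signature lets anyone holding the public key factor the modulus with one gcd, and the countermeasure lutz asks for is simply to verify every signature before releasing it. The 30-bit primes, exponent and sample message are constructed assumptions so the script runs instantly; the arithmetic is unchanged for real key sizes. The toy "padding" (SHA-256 reduced mod N) is also an assumption, not PKCS#1.

```python
"""Bellcore-style fault attack on RSA-CRT signing, and the check that stops it.

Added example, not code from the mailing-list thread or from PGP.
The key material below is a constructed toy key (assumption): two 30-bit
primes chosen so that e = 65537 is invertible mod phi(N).
"""
import hashlib
from math import gcd
from typing import Optional

# Constructed toy RSA key (assumption: small primes for a fast demo).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)

# CRT precomputation, as a real implementation stores it alongside d.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def digest_to_int(msg: bytes) -> int:
    """Hash the message and reduce it into Z_N (toy padding, not PKCS#1)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_crt(m: int, fault: bool = False) -> int:
    """RSA-CRT signature via Garner recombination.

    With fault=True the mod-P half is corrupted, standing in for a bit error
    from an overclocked CPU or a modified private-key file on disk.
    """
    s1 = pow(m, DP, P)
    s2 = pow(m, DQ, Q)
    if fault:
        s1 = (s1 + 1) % P  # any error confined to one CRT half suffices
    h = (QINV * (s1 - s2)) % P
    return s2 + h * Q


def verify(m: int, s: int) -> bool:
    """Ordinary public-key verification."""
    return pow(s, E, N) == m


def recover_factor(m: int, faulty_sig: int) -> int:
    """Attacker side, public key only.

    A faulty signature is still correct modulo the untouched prime Q, so
    s^e - m is divisible by Q but (almost surely) not by P, and the gcd
    with N reveals Q.  P then follows as N // Q.
    """
    return gcd(pow(faulty_sig, E, N) - m, N)


def sign_crt_checked(m: int, fault: bool = False) -> Optional[int]:
    """The countermeasure: never release a signature that does not verify."""
    s = sign_crt(m, fault)
    return s if verify(m, s) else None


def demo() -> dict:
    """Run the attack end to end on a constructed sample message."""
    m = digest_to_int(b"constructed sample message")
    good = sign_crt(m)
    bad = sign_crt(m, fault=True)
    f = recover_factor(m, bad)
    return {
        "good_verifies": verify(m, good),
        "bad_verifies": verify(m, bad),
        "recovered_factor": f,
        "other_factor": N // f,
        "checked_signing_refuses_faulty": sign_crt_checked(m, fault=True) is None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The verify-before-release check costs one public-key exponentiation per signature, which is cheap next to the private-key operation; it catches any fault that leaves the result wrong, regardless of whether the error came from hardware or from tampered key storage.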
BO, trojans, HTTP tunnelling and similar are really not rocket science these days. 99% of sheeple machines are vulnerable. This is a perfectly valid and real attack. Not on my machines and probably not on yours - that does not make any difference.
This is just another data point supporting secure devices insulated from microshit OS, Java and Wintels in general. Running PGP in an environment where attachment execution and/or Java and/or ActiveX are tolerated does not make any sense.
I want a laptop where someone could take out the disk platters, scan them with an STM, do every "reconstruction" trick known to humankind, and still not be able to tell basic things like how much of the drive is in use or what operating system is installed.

To use it, you would have to enter the correct passphrase on bootup (256 characters would be about the shortest maximum passphrase length that would be worthwhile) for the BIOS to make into a key to encrypt the drive writes and decrypt the drive reads. The drive encryption would have to be handled purely in hardware on the HD controller, specifically so that there is NO WAY for software running on the box to get around it. Every write and every read.

And finally, it would have to have some kind of tamperproof keyboard -- no place to install hardware key loggers.

I think that's about the bare minimum for a theft-secure machine (a machine which can be stolen without you having to worry about someone else getting the data on it). Network security, if you hook it up to a network, is a separate and more complex problem, but I think that it *is* possible to make a theft-secure machine.

Bear
At 08:38 PM 3/23/01 -0800, Ray Dillinger wrote:
And finally, it would have to have some kind of tamperproof keyboard -- no place to install hardware key loggers.
What the world needs now is a membrane keyboard, used only for entering keys, which can be folded into a credit card and stored in your wallet. If not hung around your neck. Or an iButton ring... Or implant... .......
On Sat, 24 Mar 2001, David Honig wrote:
What the world needs now
is a membrane keyboard, used only for entering keys, which can be folded into a credit card and stored in your wallet. If not hung around your neck.
This reminds me of something I've had in the back of my mind for a while (thanks to the Oxygen project over at MIT). Is it useful to divide "available computation power" into these categories:

1) untrusted and "impersonal"
2) untrusted but personalized
3) trusted and "impersonal"
4) trusted and personal

Here "personalized" is a purposely vague notion which is supposed to capture such things as, say, a Palm Pilot with your passphrases saved on it. That would be a "trusted and personal" computation device. A "trusted but impersonal" device might be something you have good reason to believe works correctly, but doesn't have any special information about you. I'm not clear on whether it's useful to distinguish between 1) and 2). Probably that depends on what is shoved into the word "personalized."

The point of dividing computation into categories is that 4) is very rare, often computationally weak, but a little goes a long way. At least, given the right protocols. My brain is trusted and personal, but it can't do much more than remember a password. My Palm Pilot and my brain together can execute SRP or PAK or whatever - but my Palm Pilot doesn't need to remember my password. (It can be "trusted but impersonal", contrary to the example above.)

I'd be interested to hear where else this sort of categorisation has popped up, or whether people think it's useful.

thanks,
-David
--- dmolnar <dmolnar@hcs.harvard.edu> wrote:
1) untrusted and "impersonal"
2) untrusted but personalized
3) trusted and "impersonal"
4) trusted and personal
"Trusted" in "devices" generally assumes tamper-proofness (so that, once certified, the trust is implied the next day, with some p close to 1). Brain is at the top of that list, MS Windows at the bottom. The top secrets reside in the brain (passphrases), lower-grade secrets (passphrase-protected) on electrical gadgets. The problem is the capacity - both storage and computational - which drops as trustworthiness increases.

I think that these tradeoffs are not well understood; too much is assumed. On average, effective passphrase length is less than 60 bits. Yes, it's hard to estimate what the effective length of strings composed from personal experience and published bits is, but I have seen no data that would support anything more than said 60 bits. So if a 256-bit block cipher is at the end of a security chain that begins with a 60-bit passphrase, why, OH WHY do we bother? I mean, even 56-bit single DES in ECB mode will stop all casual harvesting.

We need to enhance the storage capacity of the most trusted environments. This ultimately leads to implants, with keychain items as an in-between step.
participants (5)
- David Honig
- dmolnar
- lutz@iks-jena.de
- Morlock Elloi
- Ray Dillinger