by MaxBarraclough
3070 days ago
> Can't store password on device (it's a device we don't control). No user, so authentication has to be all automated.

Am I missing something, or have you painted a contradiction?

* You want the device to hold some secret
* You want the device to be able to prove that it holds the secret
* You don't trust the device to hold a secret

If I'm understanding this correctly, then you've left the realm of cryptography and entered the realm of obfuscation.

Edit: This isn't necessarily a losing battle, but it changes the way we need to think about the problem. Games consoles and DRM'ed video media (Blu-Ray and HDCP) do something similar in not trusting the end-user: they want to hold the key to the kingdom whilst ensuring the user never sees it. They've done this with varying levels of success.