Reply to post:

It's World (Terrible) Password (Advice) Day!

Charles 9

"While basically reduced to "something I own", these would still be millions of times more secure against typical modern threats that tend to be online in nature, not up-close and physical. A token that cannot be infected with malware, holding a secret that never leaves it should be basically impervious to such attacks. At the same time, while not a perfect solution, these could always be complemented with some sort of local unlock mechanism (on-token PIN/password input or something else) coupled with a self-destruct in case of failed brute-force attempts."

I present to you the intractable First Contact Problem. Basically, how can Alice and Bob attest who they really are when they've never met before and have no one in common between them (so no Trent).

I posit that you cannot even trust hardware. What if it was subverted by a state-level agent without your knowledge? Or it could have flaws that someone finds (so it's not malware, just a Confused Deputy). And a secret that never leaves can't be used in an online transaction, and ANYTHING that goes online can be intercepted by a Man In The Middle.

Frankly, the Internet is IMPOSSIBLE to secure even decently against such attacks because it was never designed with attribution in mind. And without attribution, anyone can impersonate anyone else. You basically need a brand new Internet, one with ironclad attribution...which incidentally means practically NO anonymity.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon