From owner-freebsd-security  Wed Oct  7 10:25:00 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA02977
          for freebsd-security-outgoing; Wed, 7 Oct 1998 10:25:00 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA02960
          for <FreeBSD-security@FreeBSD.ORG>; Wed, 7 Oct 1998 10:24:57 -0700 (PDT)
          (envelope-from brooks@one-eyed-alien.net)
From: brooks@one-eyed-alien.net
Received: from localhost (brdavis@localhost)
	by orion.ac.hmc.edu (8.8.8/8.8.8) with SMTP id KAA28246;
	Wed, 7 Oct 1998 10:24:21 -0700 (PDT)
X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs
Date: Wed, 7 Oct 1998 10:24:21 -0700 (PDT)
X-Sender: brdavis@orion.ac.hmc.edu
To: Robert Watson <robert+freebsd@cyrus.watson.org>
cc: Wes Peters <wes@softweyr.com>, Chuck Robey <chuckr@mat.net>,
        "Jeffrey J. Mountin" <jeff-ml@mountin.net>,
        Sean Kelly <kelly@plutotech.com>, Nate Williams <nate@mt.sri.com>,
        FreeBSD-security@FreeBSD.ORG
Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 
 certification  (fwd)
In-Reply-To: <Pine.BSF.3.96.981007103616.3899A-100000@fledge.watson.org>
Message-ID: <Pine.SOL.4.02.9810071020520.12044-100000@orion.ac.hmc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 7 Oct 1998, Robert Watson wrote:

> In this case, the ideal key for me is one I plug in, and has a little
> display and a button or two.  I type in my pin number, and it decrypts the
> pgp key stored in the ring.  The ring then displays the comment field of
> the check, the to: field, and the amount, and prompts for confirmation,
> all from the digital check transfered to the ring.  If I approve the
> transaction, the ring signs or encrypts the check with the key, and sends
> it back to the computer.  

While they don't have any way that wouldn't give the computer your pin, if
you use the Crypto buttons (the ring is only one form of them) correctly
*no one* including you ever knows the private key.  For the actual
information on Crypto buttons in perticular and iButtons in general
checkout http://www.ibutton.com/.

-- Brooks


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message