undefined | Better HN

0 pointsrcthompson9y ago0 comments

If you trust the hardware enough to use it for 2-factor authentication, then I think you trust it enough to be honest with you about its contents.

0 comments

dfox9y ago

The problem there is that in usual case, the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify.

In theory, this could be solved by verifying whole memory of the device, but that still depend on you believing that the device does not have more memory than what it should have.

leni5369y ago

> the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify. Why not?

dfox9y ago

Because in the usual case you want to do such verification through same interface as normal operation, both for usability reasons and to limit number of interfaces that cross the security boundary.

j / k navigate · click thread line to collapse

0 comments

dfox9y ago

The problem there is that in usual case, the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify.

In theory, this could be solved by verifying whole memory of the device, but that still depend on you believing that the device does not have more memory than what it should have.

leni5369y ago

> the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify. Why not?

dfox9y ago

Because in the usual case you want to do such verification through same interface as normal operation, both for usability reasons and to limit number of interfaces that cross the security boundary.

j / k navigate · click thread line to collapse