
Do you not trust the OSX Keyring because of Apple? Or outside attackers?

If it is Apple you don't trust in this regard, keychain is the least of your problems.

If it is outside attackers, at least they should need physical access to the machine to crack it, right? (If you don't back up that specific keychain to iCloud.)




Both, actually. I think encryption should involve specialized hardware, such as a smart card. That way, it would NEVER ever be exposed to a network.


In order to be used, it has to be exposed to the network.


Not really. You could imagine a smart card with software (the smart card itself runs the software) that would take bytes[] as an input and would output the encrypted bytes. The only 'network' communication would be between the card and the computer, and the computer would be unable to access the private key stored on the card.


You don't have to imagine them. They exist [0]. (Sorry, can't easily find a US link.) US government employees all have a CAC, as well, which is a crypto smartcard.

The key stays on the card. The card will do signatures and key generation, and also holds login/etc credentials. It works basically exactly like Malka says: bytes go in, signature comes out. It can likely do encryption as well, but you'd probably use it to generate a temporary key and then to sign the encrypted results, since the processor on cards is relatively weak.

0: http://www.acs.com.hk/en/products/17/acos5-64-cryptographic-...


If OSX has a backdoor then the data can be compromised before it's encrypted. A smartcard would be useful for signing though.


Losing one of those things would not be fun.


Not quite the same thing, but I have a little (physical) keypad that HSBC provided to generate codes to sign in online. It's small, and flimsy, and my almost-2-year-old is fascinated with it -- when she manages to get her hands on it, she presses buttons and talks on it like it's a tiny phone... it's adorable, but one of these days it's going to decide she has "failed" my passcode too many times and it'll brick itself.

And when I'm spending a month or two in Asia, for example, I have no illusions that I could possibly get another mailed to me, if it broke or was lost.

These are great in terms of security, and should be an option for people who need it, but shouldn't be obligatory (I wouldn't use this for my bank if I had a better option).


Do you lose your house keys very often?



