On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote: > [NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into > private > mail, but your e-mail address was munged in some sort of anti-spam > measure, and not trivially un-mungeable. Please consider providing > information on how to demunge it in some X- header, or not using > munging at all.]
Heh. That's my actual email address. Fooled ya. > Well, the DD can't log in without the smart card, so that's clearly a > prerequisite. You leave it unplugged until you need it, do your thing, then unplug it. Sure, I could still infect your toolchain so you unwittingly upload trojaned stuff. But the fact is in this *actual* compromise the password was stolen and the hacker worked later at his leisure: smartcards would have prevented this *actual* incident (but of course doesn't prohibit other ways of attack). If something could have prevented something that actually happened, I say go for it.
