[SC-L] Best practices for encrypting client-side data
ljknews
ljknews at mac.com
Thu May 10 07:01:14 EDT 2007
At 12:01 PM +1200 5/10/07, Robin Sheat wrote:
> On Wednesday 09 May 2007 02:11:05 ljknews wrote:
>> I would suggest two factor authentication, requiring some smart card
>> (with built-in keypad, to prevent intercept of the pin) that actually
>> provides the decryption. Make the user keep the smart card with them,
>> such as by requiring it for entrance to the cafeteria or rest room.
> That's not possible in this case. Mostly because it would involve more
> investment on our part than the customers would be willing to pay for.
>
> However, I'm interested in generalising the ideas in this thread to go beyond
> my particular situation; "if you were storing data in an application on a
> laptop, how would you keep it as safe as is feasible?"
The tension between "as safe as is feasible" and "not willing to pay for"
is not susceptible to generalization.
--
Larry Kilgallen