Coffeehouse Post

Single Post Permalink

View Thread: Man-in-the-Middle attack
  • User profile image


    Little clarification on what I was thinking when I wrote that:

    Those people who don't need the money are likely after information and thus may have resources to get past security systems that they are able to study in isolation. eg. if they can find without you knowing it what software or hardware you use because that information was not obscured, then they can acquire that soft/hardware and study it for weaknesses.

    The idea about using a keyboard with included encryption device has the weakness that while it can send things encrypted, how would it display the decrypted things while the sniffer/spyware is taking screenshots etc.

    So the best solution seems to be a smartphone which is somehow verified to be clean and then locked such that only new decryption and encryption keys can be added into it, but nothing else can be saved, modified on it and nothing on it could be read without tearing it apart - it would have the option to write encrypted or decrypted data elsewhere but the decryption key could come with encrypted metadata that told whether the decrypted content would be allowed to be written off-device after decryption (leaving only open the "video capture the device screen" or "sniff the bus" holes).