* How do you securely log in from an internet cafe?
For this we're going to have to rely on SSL but the server does check that the messages sent by itself and by the browser plugin are not modified in transit and will prevent login if they were.
* What if someone gets your private keys, and gets your password with a keylogger? This looks like "game over."
Well the encryption key is derived using random salts that are in the database so a keylogger alone won't work. Of course it would be trivial to create software to steal the salts as well but if you're computer is infected with malware TrustAuth is no worse than passwords.
2 comments
[ 3.5 ms ] story [ 19.5 ms ] threadThe technical details page[1] mentions some problems and workarounds. Some more issues I see:
* How do you securely log in from an internet cafe?
* What if someone gets your private keys, and gets your password with a keylogger? This looks like "game over."
[1] http://trustauth.com/technical_details
For this we're going to have to rely on SSL but the server does check that the messages sent by itself and by the browser plugin are not modified in transit and will prevent login if they were.
* What if someone gets your private keys, and gets your password with a keylogger? This looks like "game over."
Well the encryption key is derived using random salts that are in the database so a keylogger alone won't work. Of course it would be trivial to create software to steal the salts as well but if you're computer is infected with malware TrustAuth is no worse than passwords.