Oliver Neukum <oneukum@xxxxxxxx> writes: > Hi, > > I've been going through the drivers with an eye on security. > And a question arose. How do we know that a device that claims > to be a chaoskey is really a chaoskey? A fine question, and one we've thought about extensively. The Chaoskey device explicitly does not address physical attacks. Assuming physical security makes things a lot easier, and one of the simplifications is that we can assume that any physical device connected to the machine which has the right USB IDs will be the correct device. I have taken the trouble to register a "real" USB ID for this device, so in theory, we shouldn't ever see an accidental collision. -- -keith
Attachment:
signature.asc
Description: PGP signature
