As I said before, I do not believe there is such a thing as absolute security, especially on the internet. The best you can hope is to create obstacles that, say, will prevent your spouse from snooping through your email to see if you are cheating on her , but they will not stop a determined, knowledgeable person with right equipment from gaining access to anything stored on the internet.
>From that pov, locking your secret info in a drawer with a key gives
you more security than storing it in the "cloud" because it increases
the transaction cost if the not ease of breaking in. If, say, a
Russian mafioso wanted to steal my credit card info stored on line he
can do it without leaving his home town, but he would need to travel
to DC to do it if my credit card were locked in my drawer. It would
be easy for him to break the lock, but the cost of so doing would be
higher than he can get from fraudulent charges.
As I see, if I want to keep something secret, I do not put on the internet, and when I do put something on the interned, I do not expect it to remain secret. But then I do not mind my credit card info being stolen, because I am not liable for fraudulent charges. That is the main reason I am using them in the first place. And I have nothing to hide from my wife either ;) what is more, the best way to prevent something from being stolen is not by erecting security measures but making stealing it not worth the effort. I know that in many parts of this country people do not lock doors to their homes because there is nothing worth stealing there.
wojtek
On Fri, Mar 23, 2012 at 11:15 AM, Jordan Hayes <jmhayes at j-o-r-d-a-n.com> wrote:
> Wojtek asks:
>
>
>> Why do not they implement a solution that is similar to what
>> most people use in their homes - a key.
>
>
> There are two answers to this question; the first, a technical one, is that
> a key is no better than a password. You can rank authentication schemes in
> terms of how many of the various kinds of mechanisms are involved:
>
> - Somthing you know (like a password)
> - Something you have (like a key/card)
> - Something you are (fingerprint, retinal scan)
>
> A determined adversary can beat your authentication policy if you only use
> one of these; it's harder if you use two; hardest of all is if you use
> three. In the case of a physical key, I can beat you if I can replicate
> your key, or obviate the need for using your key. There's not a physical
> key made on the market to day that would keep your home safe from a
> reasonably skilled lock-picker.
>
>
>> Why not using, say, a USB memory stick with necessary encryption
>> that stores all password and credentials and provides them to
>> applications that need it?
>
>
> The second answer is that these things are available, but the
> standardization that would have to occur isn't on anyone's TODO list. Think
> of how you hate all those different passwords; now think of all the
> different ways they try to get you to "log in" ... we're living in a world
> where "key hole" is not a standard feature. And it's getting worse:
> "keyless" car entry systems means you no longer have a key. You might have
> a keypad now!
>
> eBay and PayPal (and others) can provide a 2nd authentication level
> ("something you have" above), but again: it's not a standard way of doing
> things.
>
> /jordan
> ___________________________________
> http://mailman.lbo-talk.org/mailman/listinfo/lbo-talk
-- Wojtek http://wsokol.blogspot.com/