taler

Re: [Taler] Technical questions for backup/sync (was: UI considerations


From: Florian Dold
Subject: Re: [Taler] Technical questions for backup/sync (was: UI considerations for backup & sync)
Date: Mon, 25 May 2020 23:06:27 +0530
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

On 5/25/20 10:05 PM, Christian Grothoff wrote:
> On 5/25/20 3:56 PM, Florian Dold wrote:
>> On 5/25/20 7:17 PM, Christian Grothoff wrote:
>>> Exactly. I think the screen lock is a good compromise here.
>>
>> Alternatively, one existing device must approve the new member of the
>> sync group.
> 
> Given that I expect the wallets/devices to communicate VIA the sync
> group, I don't think this is practical. Also, doesn't help in Torsten's
> attack scenario, since he got hold of the device/wallet and can thus
> also easily push the 'approve join' button in addition to 'show secret'.

Well, taking a picture of a QR code from far away with some
high-resolution camera is *much* easier than putting your hands on the
unlocked device.  This would give an attacker unlimited access to the
user's wallet funds and potentially private data without the user being
able to notice.

Regarding Torsten's scenario:  At least that requires a physical
interaction, *and* it will be "tamper-evident", as the user will see an
additional public key.

- Florian


