[erlang-questions] How to exchange sensitive data with ports?

Illo de' Illis illo@REDACTED
Fri Aug 7 18:20:04 CEST 2009

On Aug 7, 2009, at 6:07 PM, Hynek Vychodil wrote:
> No, no, no, you must be sure that bad guy has not ever been logged  
> as root or a malicious program has not been running with root  
> privileges in any time in past. You can't trust your kernel! It  
> could been patched! You must be sure that bad guy has not been  
> logged at your user level or a malicious program has not been  
> running in same time as any your still running process. It can be  
> new malicious program patched on fly. You must be sure that when you  
> start your Erlang VM or any other program you don't execute any code  
> which could be modified when bad guy has been logged or malicious  
> program has been running. Etc.

I was talking about a _good_ level of security, not a _I'm freaking  
paranoid_ level of security. As it has been memed all over internet  
since ages, a secure system is a system which is switched off, not  
connected to internet, and locked up in a safe.
And speaking of that, since the original poster is dealing with a  
smartcard, every transaction should be encrypted by the smartcard  
private and unaccessible key by using a lcoked-out computer in a  
vacuum chamber.


More information about the erlang-questions mailing list