Thanks. I must think more about this. I can understand that TOTP cannot be used ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		watersb on June 6, 2016 \| parent \| context \| favorite \| on: Being privacy-aware in 2016 Thanks. I must think more about this. I can understand that TOTP cannot be used for encryption. But the app is asking for authentication. Zero-knowledge proof game might apply. Of course the local app must have the decrypted key in memory. I wish we could defend against the Evil Maid...

superuser2 on June 6, 2016 [–]

One defends against the Evil Maid with physical security techniques. And by doing your own cleaning :).

The app is not asking for authentication, it's asking for encryption. Else an attacker could bypass the app's logic and read its data directly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact