[129954] in cryptography@c2.net mail archive


Re: security questions

daemon@ATHENA.MIT.EDU (David Molnar)
Wed Aug 6 16:51:45 2008

Date: Wed, 06 Aug 2008 12:15:18 -0700
From: David Molnar <dmolnar@eecs.berkeley.edu>
To: Peter Saint-Andre <stpeter@stpeter.im>, cryptography@metzdowd.com
In-Reply-To: <4899C1EF.3050406@stpeter.im>


Peter Saint-Andre wrote:

[list of security questions snipped]
> ***
>
> It strikes me that the answers to many of these questions might be
> public information or subject to social engineering attacks...

You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008
on this issue:

"Personal knowledge questions for fallback authentication:
Security questions in the era of Facebook"
Ariel Rabkin
http://www.cs.berkeley.edu/~asrabkin/bankauth.pdf

He has slides as well:
http://www.eecs.berkeley.edu/~asrabkin/rabkin.pdf

-David Molnar



---------------------------------------------------------------------
The Cryptography Mailing List