[145097] in cryptography@c2.net mail archive
Re: Crypto dongles to secure online transactions
daemon@ATHENA.MIT.EDU (John Levine)
Wed Nov 25 08:55:44 2009
Date: 21 Nov 2009 21:56:11 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <4B048052.4020605@garlic.com>
Cc: lynn@garlic.com
>we claimed we do something like two orders of magnitude reduction in
>fully-loaded costs by going to no personalization (and other things)
>...
My concern with that would be that if everyone uses the same
signature scheme and token, the security of the entire industry
becomes dependent on the least competent bank in the country not
leaking the verification secret.
For something like a chip+pin system it is my understanding that the
signature algorithm is in the chip and different chips can use
different secrets and different algorithms, so a breach at one bank
need not compromise all the others.
R's,
John
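
An added example, not part of the original message: a small model of the blast-radius point above, comparing one industry-wide verification secret with a separate secret per bank. It assumes a symmetric HMAC-SHA256 scheme; the bank names and transaction strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical issuers (constructed for this example).
BANKS = ["bank_a", "bank_b", "bank_c"]


def sign(secret: bytes, txn: bytes) -> bytes:
    """Token side: MAC the transaction with the token's secret."""
    return hmac.new(secret, txn, hashlib.sha256).digest()


def verify(secret: bytes, txn: bytes, tag: bytes) -> bool:
    """Bank side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(sign(secret, txn), tag)


def shared_scheme() -> dict:
    """Every bank verifies with the same industry-wide secret."""
    common = secrets.token_bytes(32)
    return {bank: common for bank in BANKS}


def per_bank_scheme() -> dict:
    """Each bank provisions its tokens with its own secret."""
    return {bank: secrets.token_bytes(32) for bank in BANKS}


def blast_radius(verification_secrets: dict, leaked_bank: str) -> list:
    """Banks that would accept a transaction signed with the secret
    leaked from leaked_bank."""
    leaked = verification_secrets[leaked_bank]
    exposed = []
    for bank, secret in verification_secrets.items():
        txn = f"constructed sample transaction at {bank}".encode()
        if verify(secret, txn, sign(leaked, txn)):
            exposed.append(bank)
    return exposed


if __name__ == "__main__":
    print("shared  :", blast_radius(shared_scheme(), "bank_c"))
    print("per-bank:", blast_radius(per_bank_scheme(), "bank_c"))
```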