[15548] in cryptography@c2.net mail archive
Re: Article on passwords in Wired News
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Thu Jun 3 13:28:21 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 3 Jun 2004 18:13:04 +0200
From: Eugen Leitl <eugen@leitl.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
cryptography@metzdowd.com
In-Reply-To: <E1BVnN1-00029s-Uz@medusa01>
--NmSnvLzyAm+ZWx8I
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jun 03, 2004 at 08:14:39PM +1200, Peter Gutmann wrote:
> One-time passwords (TANs) was another thing I covered in the "Why isn't t=
he
> Internet secure yet, dammit!" talk I mentioned here a few days ago. From
> talking to assorted (non-European) banks, I haven't been able to find any=
that
Customers hate PINs/TANs (have to carry then around, PINs typically are not
alphanumeric, and fixed-length, print is low-contrast). Which is why power=
=20
users have a (Windows-only, for some reason couldn't get GNUcash working,=
=20
despite right crypto libraries and proper port punched through firewall)=20
HBCI software alternatives. Which are not used widely, alas.
Banks tried to push smart cards, but very half-heartedly (didn't offer free
readers, which could have created critical mass). Now some folks are trying
to use existing smartcard-authenticated mobile phone infrastructure for
online payments, but it has its own problems (Bluetooth/IrDa, security, fax
effect, etc).
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
--NmSnvLzyAm+ZWx8I
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQFAv04PdbAkQ4sp9r4RAkymAKCFdrOrO46gZ4v/CreCKG2qFrDBQgCgrvyH
0UCiOz8eZWK4W1/+2lwoD8c=
=+POM
-----END PGP SIGNATURE-----
--NmSnvLzyAm+ZWx8I--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
