[15552] in cryptography@c2.net mail archive


Re: Article on passwords in Wired News

daemon@ATHENA.MIT.EDU (martin f krafft)
Fri Jun 4 13:28:45 2004

X-Original-To: cryptography@metzdowd.com
Date: Fri, 4 Jun 2004 02:24:13 +0200
From: martin f krafft <madduck@madduck.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <E1BVnN1-00029s-Uz@medusa01>



also sprach Peter Gutmann <pgut001@cs.auckland.ac.nz> [2004.06.03.1014 +0200]:
> One-time passwords (TANs) was another thing I covered in the "Why
> isn't the Internet secure yet, dammit!" talk I mentioned here
> a few days ago.  From talking to assorted (non-European) banks,
> I haven't been able to find any that are planning to introduce
> these in the foreseeable future.  I've also been unable to get any
> credible explanation as to why not, as far as I can tell it's
> "We're not hurting enough yet".  Maybe it's just a cultural thing,
> certainly among European banks it seems to be a normal part of
> allowing customers online access to banking facilities.

While these are definitely nice, I am not particularly pleased. For
one, they are only "what you have", and not anything else.

I love the Swiss system, which is a token card and a reader, locked
with a PIN. You go to the web, get a challenge, run it through the
reader after inserting the card and entering the PIN, then it spits
out the response, which you enter, and you're in...

Simple, efficient, secure.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

"you raise the blade, you make the change
 you rearrange me till i'm sane.
 you lock the door, and throw away the key,
 there's someone in my head but it's not me."
                                                   -- pink floyd, 1972


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
