[17592] in cryptography@c2.net mail archive
Re: WYTM - "but what if it was true?"
daemon@ATHENA.MIT.EDU (Chris Kuethe)
Wed Jun 29 10:45:49 2005
X-Original-To: cryptography@metzdowd.com
Date: Tue, 28 Jun 2005 20:43:13 -0600
From: Chris Kuethe <chris.kuethe@gmail.com>
Reply-To: Chris Kuethe <chris.kuethe@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <20050627194720.GH15977@piias899.ms.com>
On 6/27/05, Victor Duchovni <Victor.Duchovni@morganstanley.com> wrote:
> On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote:
>
> > And now we have a market for cracked "trusted" banking clients, both
> > for phishers and lazy people... it's game copy protection wars all
> > over again. :)
> >
>
> Well cracking the bank application is not really in the user's interests
> in this case.

Never underestimate people's shortsightedness and laziness as
motivation to defeat a security system. Sort of how laziness is a
virtue of perl programmers.

> My view is, that when the banking application delivery
> platform becomes cheap enough (say $50 or less), it will make sense for
> the bank to provide a complete ATM system (sans cash) to each user.

Well, software distribution can be outsourced to AOL. :)

I hate it when people say stuff like this, but: "I'm no hardware
engineer, but it shouldn't be that hard to build something like a
self-contained POS pin-pad about the size of a calculator..." And as I
was snickering while I wrote that, I was trying to enumerate all the
hard parts - things like a tamper-resistant case, software that wasn't
going to be leaking key bits, etc.

> The personal ATM appliance should be difficult to tamper with and should
> accept only a single set of accounts (so that stolen pin numbers are not
> portable)...

The latter will be easy to achieve if you can make inexpensive,
robust, reliable, tamper-resistant, failsafe, user-friendly hardware.
In short, it's 2-factor authentication: knowing your PIN, and having
your personal ATM appliance.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?