[17732] in cryptography@c2.net mail archive

Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Nick Owen)
Sat Jul 9 13:25:18 2005

X-Original-To: cryptography@metzdowd.com
Date: Sat, 09 Jul 2005 11:34:06 -0400
From: Nick Owen <nowen@wikidsystems.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050708190647.374493BFE55@berkshire.machshav.com>

It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.

Steven M. Bellovin wrote:
> There's been a lot of discussion about how to strengthen cryptography 
> and authentication, to get away from problems of phishing, pharming, 
> etc.  But such approaches can take you only so far, as this link 
> indicates:
> 
> http://www.lurhq.com/grams.html
> 
> Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
> your balance, and drains your account except for .004 grams of gold.
> 
> 		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
> 

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
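
Added example (not part of the original message, and not WiKID Systems' code): a minimal sketch of server-side validation of a second one-time passcode per transaction, as the reply suggests. It goes one step beyond the message by assuming the passcode is computed on a separate token from a shared key over the transaction details; `transaction_code`, `TransactionVerifier`, the key and the sample transactions are constructed for illustration.

```python
import hashlib
import hmac
import struct

DIGITS = 8  # passcode length (assumption for this sketch)


def transaction_code(key: bytes, counter: int, payee: str, milligrams: int) -> str:
    """One-time passcode bound to one transaction (HOTP-style truncation of HMAC-SHA256)."""
    payee_bytes = payee.encode("utf-8")
    # Length-prefix the payee so the field boundaries are unambiguous.
    msg = (struct.pack(">QH", counter, len(payee_bytes)) + payee_bytes
           + struct.pack(">Q", milligrams))
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


class TransactionVerifier:
    """Server side: accepts each counter value at most once."""

    def __init__(self, key: bytes):
        self._key = key
        self._next_counter = 0

    def verify(self, counter: int, payee: str, milligrams: int, code: str) -> bool:
        if counter < self._next_counter:
            return False  # stale or replayed passcode
        expected = transaction_code(self._key, counter, payee, milligrams)
        if not hmac.compare_digest(expected, code):
            return False  # passcode was not issued for these transaction details
        self._next_counter = counter + 1
        return True


def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    server = TransactionVerifier(key)
    # The user approves 500 mg to "alice" on the token, which shows the details.
    code = transaction_code(key, 0, "alice", 500)
    altered = server.verify(0, "mallory", 31000, code)  # details changed on the host
    genuine = server.verify(0, "alice", 500, code)       # what the user approved
    replayed = server.verify(0, "alice", 500, code)      # same passcode again
    return altered, genuine, replayed


if __name__ == "__main__":
    print(demo())
```
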