[17781] in cryptography@c2.net mail archive


Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Jul 11 13:38:25 2005

X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: dan@geer.org
Cc: cryptography@metzdowd.com
Date: Sun, 10 Jul 2005 12:12:53 +0200
In-Reply-To: <20050709222422.74FDA1BF96C@absinthe.tinho.net> (dan@geer.org's
	message of "Sat, 09 Jul 2005 18:24:22 -0400")

> Take a look at Boojum Mobile -- it is
> precisely the idea of using the cell
> phone as an out-of-band channel for an
> in-band transaction.
>
> http://www.boojummobile.com

In the foreseeable future, this approach won't stop fraudulent
transactions because the one-time password does not depend on the
transaction content.  Anything which doesn't display essential parts
of the transaction contents to the end user over a trusted channel is
doomed to failure.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
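
Added illustration, not part of the original message and not code from any product it mentions: a bank-side check for a one-time password that ignores the transaction, beside one computed over the payee and amount shown to the user on the trusted channel. The function names, the message encoding, the HOTP-style truncation, the key and the transaction values are all assumptions constructed for this sketch.

```python
import hashlib
import hmac

def _truncate(mac: bytes, digits: int = 8) -> str:
    # HOTP-style dynamic truncation (RFC 4226) to a code a user can read or type.
    off = mac[-1] & 0x0F
    value = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def plain_otp(key: bytes, counter: int) -> str:
    """One-time password derived from the counter only."""
    return _truncate(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())

def bound_otp(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """One-time password that also covers the payee and amount."""
    p = payee.encode("utf-8")
    # Length-prefix the payee so field boundaries are unambiguous.
    msg = (counter.to_bytes(8, "big") + len(p).to_bytes(2, "big") + p
           + amount_cents.to_bytes(8, "big"))
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def bank_accepts_plain(key, counter, submitted_tx, code) -> bool:
    # The submitted transaction plays no part in the check.
    return hmac.compare_digest(code, plain_otp(key, counter))

def bank_accepts_bound(key, counter, submitted_tx, code) -> bool:
    # The code is recomputed over the transaction the bank actually received.
    payee, amount_cents = submitted_tx
    return hmac.compare_digest(code, bound_otp(key, counter, payee, amount_cents))

# Constructed sample values.
KEY = b"constructed-demo-key-0123456789ab"
COUNTER = 42
SHOWN_TO_USER = ("ACME Utilities", 12_500)   # displayed on the trusted channel
RECEIVED_BY_BANK = ("Other Payee", 950_000)  # differs from what the user approved

def demo() -> dict:
    plain = plain_otp(KEY, COUNTER)
    bound = bound_otp(KEY, COUNTER, *SHOWN_TO_USER)
    return {
        "plain_accepts_mismatch": bank_accepts_plain(KEY, COUNTER, RECEIVED_BY_BANK, plain),
        "bound_accepts_shown": bank_accepts_bound(KEY, COUNTER, SHOWN_TO_USER, bound),
        "bound_accepts_mismatch": bank_accepts_bound(KEY, COUNTER, RECEIVED_BY_BANK, bound),
    }

if __name__ == "__main__":
    print(demo())
```

The binding only helps if the device computing the code displays the payee and amount it covers; a truncated code is still short, so attempts per counter value need to be limited.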
