[17856] in cryptography@c2.net mail archive


Re: ID "theft" -- so what?

daemon@ATHENA.MIT.EDU (Derek Atkins)
Wed Jul 13 21:59:21 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 13 Jul 2005 13:23:45 -0400
From: Derek Atkins <warlord@MIT.EDU>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: John Denker <jsd@av8n.com>, cryptography@metzdowd.com
In-Reply-To: <87vf3elm17.fsf@snark.piermont.com>

Quoting "Perry E. Metzger" <perry@piermont.com>:


> So, rephrasing, the problem is not that secret information isn't a
> fine way to establish trust -- it is the pretense that SSNs, your
> mom's birth name or even credit card numbers can be kept secret.
>
> > Identifying information cannot be kept secret.
> 
> I'd amend that to "things like your name, your SSN or your account
> numbers cannot be kept secret..."

I think it's worse than that -- in reality it is any static piece of
information.  It doesn't matter WHAT that piece of information is.  You really
want a challenge-response system to prove both knowledge and liveness of the
information.
 
-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
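
The contrast drawn in the message above between a static piece of information and a challenge-response proof of knowledge and liveness, as an added example that is not part of the original message. It assumes a shared key enrolled out of band and HMAC-SHA256 as the response function; the names `Verifier`, `respond` and `demo` and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = secrets.token_bytes(32)  # constructed shared key, enrolled out of band (assumption)


def respond(key, nonce):
    """Prover side: show knowledge of the key without ever sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Verifier:  # hypothetical name, for illustration only
    def __init__(self, key, ttl=30.0):
        self.key, self.ttl = key, ttl
        self.pending = {}  # nonce -> issue time

    def challenge(self, now=None):
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self.pending[nonce] = time.monotonic() if now is None else now
        return nonce

    def verify(self, nonce, response, now=None):
        issued = self.pending.pop(nonce, None)  # single use, even on failure
        now = time.monotonic() if now is None else now
        if issued is None or now - issued > self.ttl:
            return False  # unknown, already used, or stale: no liveness
        return hmac.compare_digest(respond(self.key, nonce), response)


def demo():
    stored = b"000-00-0000"  # constructed placeholder for a static identifier
    observed = bytes(stored)  # the same value, seen once by any third party
    out = {"static_replay": hmac.compare_digest(stored, observed)}
    v = Verifier(KEY)
    n1 = v.challenge()
    r1 = respond(KEY, n1)
    out["fresh"] = v.verify(n1, r1)
    out["same_nonce_replay"] = v.verify(n1, r1)  # captured exchange replayed
    out["old_response_new_nonce"] = v.verify(v.challenge(), r1)
    n3 = v.challenge(now=0.0)
    out["stale"] = v.verify(n3, respond(KEY, n3), now=31.0)
    return out


if __name__ == "__main__":
    print(demo())
```

The static value verifies for anyone who has seen it once, while a recorded response is useless against a new nonce, a reused nonce, or an expired one.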
