[18409] in cryptography@c2.net mail archive


Re: Is there any future for smartcards?

daemon@ATHENA.MIT.EDU (Eugen Leitl)
Sun Sep 11 16:12:46 2005

X-Original-To: cryptography@metzdowd.com
Date: Sun, 11 Sep 2005 19:32:45 +0200
From: Eugen Leitl <eugen@leitl.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
	cryptography@metzdowd.com, eugen@leitl.org, pfarrell@pfarrell.com
In-Reply-To: <E1EEPSo-0007KV-00@medusa01.cs.auckland.ac.nz>


On Sun, Sep 11, 2005 at 10:53:34PM +1200, Peter Gutmann wrote:

> The problem with this is that in 99.99% of cases the insecure networked
> machine *is* the reader, rendering the smart card pretty much pointless.  I've

Pat Farrell spoke about the infrastructure required for smartcards to have
a point at all. Inexpensive USB readers with integrated keypad (and LCD display)
exist, and are a basic component of such smartcard infrastructure. Unless it's
pure snakeoil, by design.

> only ever seen a handful of card readers that have keypads and displays, and
> none that have succeeded commercially.  Everyone just gets the cheap reader-
> only devices.

USB smartcard readers with displays are not expensive, especially
if purchased in quantities. A financial institution would probably
recover the costs quite rapidly, if it gave away smartcards and
such readers for free to its customers, given the amount of fraud.

It is symptomatic that this is not happening, and that e.g.
HBCI support hereabouts is very thin. HBCI+smartcard, especially on
a non-Redmond system, is nearly impossible to set up. Zero support.
(Support in fact discourages use of smartcard). Default for
local online banking is PIN/TAN (TANs distributed on dead tree).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
