[19104] in cryptography@c2.net mail archive
Re: [Clips] Banks Seek Better Online-Security Tools
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Mon Dec 5 10:10:54 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 5 Dec 2005 08:54:58 +0100
From: Eugen Leitl <eugen@leitl.org>
To: cryptography@metzdowd.com
In-Reply-To: <Pine.SOL.4.61.0512041741120.25428@frame>
--rxo8NJoU8lqsvmUu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Dec 04, 2005 at 05:51:11PM -0500, leichter_jerrold@emc.com wrote:
> | To start the ball rolling, I have not and won't.
> Until a couple of months ago, I avoided doing anything of this sort at al=
l.
> Simple reasoning: If I know I never do any financial stuff on-line, I can
> safely delete any message from a bank or other financial institution.
I've been using online banking for many years, both US and Germany.=20
The German PIN/TAN system is reasonably secure,
being an effective one-time pad distributed through out of band channel
(mailed dead tree in a tamperproof envelope). It is of course not immune
to phishing (PIN/TAN harvesting), which has become quite rampant recently.
I'm about to setup HBCI with my business account (both GnuCash and
openhbci/aqbanking from the command line), which can in principle cooperate
with a smartcard. It is a major pain to set up, however, especially on an
unsupported platform.
I do have a HBCI smartcard setup with my private account but don't use it
since it's locked in a proprietary software jail.
=20
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
--rxo8NJoU8lqsvmUu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDk/JSdbAkQ4sp9r4RAt3UAKCWvj7fDb88zxnYGyPgFF4HjPUBlwCcCsV4
zmKLna0m/dXJP+nFQ3o4rHY=
=ng/1
-----END PGP SIGNATURE-----
--rxo8NJoU8lqsvmUu--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
