biometrics (addenda)

lynn.wheeler at firstdata.com
Wed Jan 30 13:08:18 EST 2002


note however, with regard to the 80 hardware tokens, or 3 hardware tokens,
or 1 hardware token scenario .... a single or small number of hardware
tokens (with each hardware token having an associated public key registered
multiple places) then can become a personal choice.

The current scenario with shared secret demands that a unique shared secret
be used in each unique security domain.

In the hardware token scenario the same hardware token can be used with
multiple unique security domains w/o exposing the ability to originate
fraudulent transactions.

The biggest exposure is lost/stolen and effectively denial of service.

Since these hardware tokens are many more times harder to compromise than
eavesdropping a pin/password, possibly a thousand times harder (which
includes the act of physical theft), then potentially the security profile
allows such a token to be used in a hundred different security domains
(exposure proportional to difficulty of compromise).

This doesn't take into account the human operational factors .... like
memory problems with multiple "secret" values ... and if there are multiple
tokens, each with a large number of security domains, remembering which
security domain is associated with which token.






---------------------------------------------------------------------
The Cryptography Mailing List
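
The contrast drawn in the post between a shared secret reused across security domains and one token public key registered in several domains, as an added example that is not part of the original message. The toy RSA parameters, the sample PIN and all function names are assumptions made for illustration; the key is far too small and unpadded for real use.

```python
import hashlib, hmac, secrets

# Toy RSA key pair standing in for the key held inside a hardware token
# (assumption: built from two Mersenne primes, unpadded, illustration only).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; never leaves the token

def _h(challenge: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

def token_sign(challenge: bytes) -> int:
    """What the token does: sign a domain's fresh challenge."""
    return pow(_h(challenge, N), D, N)

def verify_signature(registered_pub, challenge: bytes, sig: int) -> bool:
    """What a domain does with the public key it has on file."""
    n, e = registered_pub
    return pow(sig, e, n) == _h(challenge, n)

def secret_response(secret: bytes, challenge: bytes) -> bytes:
    """Shared-secret authentication: user and domain compute the same MAC."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def verify_secret(registered_secret: bytes, challenge: bytes, response: bytes) -> bool:
    expected = secret_response(registered_secret, challenge)
    return hmac.compare_digest(expected, response)

def cross_domain_exposure():
    """Domain A answers domain B's challenge using only what A stores or has seen."""
    secret, pub = b"constructed-pin-1234", (N, E)  # same credential registered at A and B
    chal_a, chal_b = secrets.token_bytes(16), secrets.token_bytes(16)

    # Shared secret reused in both domains: A's stored record is the secret itself,
    # so A can compute a response that B accepts.
    forged = secret_response(secret, chal_b)
    secret_forgery_accepted = verify_secret(secret, chal_b, forged)

    # Token: A holds only the public key plus a signature over its own challenge.
    seen_sig = token_sign(chal_a)
    replay_accepted = verify_signature(pub, chal_b, seen_sig)
    genuine_accepted = verify_signature(pub, chal_b, token_sign(chal_b))
    return secret_forgery_accepted, replay_accepted, genuine_accepted

if __name__ == "__main__":
    print(cross_domain_exposure())
```
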