unforgeable optical tokens?
Hadmut Danisch
hadmut at danisch.de
Sat Sep 21 19:43:35 EDT 2002
On Sat, Sep 21, 2002 at 12:11:17AM +0000, David Wagner wrote:
>
> I find the physical token a poor replacement for cryptography, when the
> goal is challenge-response authentication over a network. In practice,
> you never really want just challenge-response authentication; you
> want to set up a secure, authenticated channel to the other party,
> which means you probably also need key distribution functionality.
> The physical token suggested here doesn't help with that at all.
That's the main problem of judging this token:
Don't compare it with cryptographical methods.
This token is not a matter of cryptography, because
there's no secret and no exchange of information.
No challenge, no response, no calculation, no stored information,
nothing. Therefore it is completely useless in context of
computer networks, which - after all - do nothing else than
carrying informations. That token can't perform a challenge-response
authentication, because it's a piece of plastic and glas, it
doesn't listen to your challenge and it won't give you an answer.
It's just a gadget of the type "you can't make a similar one again",
and that's what it can be used for. Forget about networks and
challenge response in context of this token.
Security is far more than just the cryptographical standard methods.
There's security beyond cryptography. So don't have this limited
view.
regards
Hadmut
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list