the limits of crypto and authentication
Ian Grigg
iang at systemics.com
Sat Jul 9 14:56:36 EDT 2005
FTR, e-gold were aware of the general makeup of this
threat since 1998 and asked someone to look at it. The
long and the short was that it was more difficult to solve
than at first claimed, so the project was scrapped. This
was a good risk-based decision. The first trojans that I
know of for e-gold weren't spotted until 12-18 months
ago, so it was also a profitable decision. What they are
doing now I don't know.
In the payments world we've known how to solve all
this for some time, since the early 90s to my knowledge.
The only question really is, have you got a business
model that will pay for it, because any form of token is
very expensive, and the form of token that is needed -
a trusted device to put the application, display, keypad
and net connection on - is even more expensive than
the stop-gap two-factor authentication units commonly
sold.
iang
--
Advances in Financial Cryptography, Issue 2:
https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list