the limits of crypto and authentication
Perry E. Metzger
perry at piermont.com
Sat Jul 9 17:42:37 EDT 2005

Nick Owen <nowen at wikidsystems.com> writes:
> It would seem simple to thwart such a trojan with strong authentication
> simply by requiring a second one-time passcode to validate the
> transaction itself in addition to the session.

Far better would be to have a token with a display attached to the
PC. The token will display a requested transaction to the user and
only sign it if the user agrees. Because the token is a trusted piece
of hardware that the user cannot install software on, it provides a
trusted communications path to the user that the PC itself cannot.

Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
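
The trusted-display idea in the reply above, as an added example that is not part of the original post: a token signs only the transaction its own display showed and the user approved, so a compromised PC can neither get a different transaction signed nor change one after signing. Assumptions: HMAC-SHA256 with a key shared by token and bank stands in for the token's signature, and the names DisplayToken, bank_accepts and the transaction fields are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a key shared by token and bank stands in for
# the token's signature; the key lives only in the token, never on the PC.
TOKEN_KEY = b"constructed-demo-key"


def canonical(txn):
    """Serialize a transaction deterministically so both sides MAC the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


class DisplayToken:
    """Hypothetical token: shows the transaction on its own screen, signs on approval."""
    def __init__(self, key, user_approves):
        self._key = key
        self._user_approves = user_approves  # models the user reading the token display

    def sign(self, txn):
        # The user sees exactly the data that will be signed, not what the PC renders.
        if not self._user_approves(txn):
            return None
        return hmac.new(self._key, canonical(txn), hashlib.sha256).hexdigest()


def bank_accepts(key, txn, tag):
    """Bank side: execute only a transaction carrying a valid tag over its contents."""
    if tag is None:
        return False
    expected = hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def run_demo():
    intended = {"to": "ACME-UTILITIES", "amount": "120.00", "currency": "USD"}
    tampered = dict(intended, to="UNKNOWN-PAYEE", amount="9500.00")  # constructed
    token = DisplayToken(TOKEN_KEY, user_approves=lambda shown: shown == intended)
    honest = bank_accepts(TOKEN_KEY, intended, token.sign(intended))
    # Case 1: the PC hands the token a different transaction; the display reveals it.
    swapped_before = bank_accepts(TOKEN_KEY, tampered, token.sign(tampered))
    # Case 2: the PC alters the transaction after the token signed the real one.
    swapped_after = bank_accepts(TOKEN_KEY, tampered, token.sign(intended))
    return honest, swapped_before, swapped_after


if __name__ == "__main__":
    print(run_demo())
```

A deployment would also put a bank-issued nonce in the signed data so that an approved transaction cannot be replayed.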