the limits of crypto and authentication
Florian Weimer
fw at deneb.enyo.de
Sun Jul 10 06:15:36 EDT 2005
* Perry E. Metzger:
> Nick Owen <nowen at wikidsystems.com> writes:
>> It would seem simple to thwart such a trojan with strong authentication
>> simply by requiring a second one-time passcode to validate the
>> transaction itself in addition to the session.
>
> Far better would be to have a token with a display attached to the
> PC. The token will display a requested transaction to the user and
> only sign it if the user agrees. Because the token is a trusted piece
> of hardware that the user cannot install software on, it provides a
> trusted communications path to the user that the PC itself cannot.
On the surface, we already have such technology in Germany (it's
optional for bank customers), but there's a drawback: The external
device doesn't know anything about the structure of banking
transactions, so it relies on the (potentially compromised) host
system to send the correct message to display before generating the
signature. Ouch.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list