the limits of crypto and authentication

Florian Weimer fw at deneb.enyo.de
Sun Jul 10 06:12:53 EDT 2005


> Take a look at Boojum Mobile -- it is
> precisely the idea of using the cell
> phone as an out-of-band channel for an
> in-band transaction.
>
> http://www.boojummobile.com

In the foreseeable future, this approach won't stop fraudulent
transactions because the one-time password does not depend on the
transaction content.  Anything which doesn't display essential parts
of the transaction contents to the end user over a trusted channel is
doomed to failure.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
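
An added example, not part of the original message: it contrasts a one-time password that ignores the transaction with a confirmation code computed over the transaction fields that the user's trusted device displays. The key, the field encoding, the function names and the two sample transactions are constructed assumptions, not any product's actual scheme.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by bank and trusted device

def _code(key: bytes, message: bytes) -> str:
    """Truncate an HMAC-SHA256 tag to a 6-digit code."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(tag[:4], 'big') % 1_000_000:06d}"

def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries are unambiguous."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def plain_otp(key: bytes, counter: int) -> str:
    """One-time password that depends only on a counter."""
    return _code(key, _encode(counter.to_bytes(8, "big")))

def bound_code(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Code computed over the counter and the transaction contents."""
    return _code(key, _encode(counter.to_bytes(8, "big"),
                              payee.encode(), str(amount_cents).encode()))

def bank_accepts_plain(key, counter, received_tx, code) -> bool:
    # received_tx is never consulted: the code says nothing about it.
    return hmac.compare_digest(code, plain_otp(key, counter))

def bank_accepts_bound(key, counter, received_tx, code) -> bool:
    # The bank recomputes the code over the transaction it actually received.
    payee, amount_cents = received_tx
    return hmac.compare_digest(code, bound_code(key, counter, payee, amount_cents))

# Constructed scenario: the user approves INTENDED on the trusted device,
# but the in-band channel delivers ALTERED to the bank.
INTENDED = ("ACME Utilities", 12_000)
ALTERED = ("Unknown Payee", 950_000)

def demo() -> dict:
    counter = 1
    otp = plain_otp(KEY, counter)
    code = bound_code(KEY, counter, *INTENDED)  # device displayed INTENDED
    return {
        "plain_intended": bank_accepts_plain(KEY, counter, INTENDED, otp),
        "plain_altered": bank_accepts_plain(KEY, counter, ALTERED, otp),
        "bound_intended": bank_accepts_bound(KEY, counter, INTENDED, code),
        "bound_altered": bank_accepts_bound(KEY, counter, ALTERED, code),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The binding only helps if the device that shows the payee and amount is itself reached over a trusted channel, which is the condition the message states.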


