WYTM - "but what if it was true?"

Chris Kuethe chris.kuethe at gmail.com
Tue Jun 28 22:43:13 EDT 2005


On 6/27/05, Victor Duchovni <Victor.Duchovni at morganstanley.com> wrote:
> On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote:
> 
> > And now we have a market for cracked "trusted" banking clients, both
> > for phishers and lazy people... it's game copy protection wars all
> > over again. :)
> >
> 
> Well cracking the bank application is not really in the user's interests
> in this case.

Never underestimate people's shortsightedness and laziness as
motivation to defeat a security system. Sort of how laziness is a
virtue of Perl programmers.

> My view is, that when the banking application delivery
> platform becomes cheap enough (say $50 or less), it will make sense for
> the bank to provide a complete ATM system (sans cash) to each user.

Well, software distribution can be outsourced to AOL. :)

I hate it when people say stuff like this, but: "I'm no hardware
engineer, but it shouldn't be that hard to build something like a
self-contained POS pin-pad about the size of a calculator..." And as I
was snickering while I wrote that, I was trying to enumerate all the
hard parts - things like a tamper-resistant case, software that wasn't
going to be leaking key bits, etc.

> The personal ATM appliance should be difficult to tamper with and should
> accept only a single set of accounts (so that stolen pin numbers are not
> portable)...

The latter will be easy to achieve if you can make inexpensive,
robust, reliable, tamper-resistant, failsafe, user-friendly hardware.

In short, it's 2-factor authentication. Knowing your PIN, and having
your personal ATM appliance.

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com