WYTM - "but what if it was true?"
Chris Kuethe
chris.kuethe at gmail.com
Tue Jun 28 22:43:13 EDT 2005
On 6/27/05, Victor Duchovni <Victor.Duchovni at morganstanley.com> wrote:
> On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote:
>
> > And now we have a market for cracked "trusted" banking clients, both
> > for phishers and lazy people... it's game copy protection wars all
> > over again. :)
> >
>
> Well cracking the bank application is not really in the user's interests
> in this case.

Never underestimate people's shortsightedness and laziness as
motivation to defeat a security system. Sort of how laziness is a
virtue of Perl programmers.

> My view is, that when the banking application delivery
> platform becomes cheap enough (say $50 or less), it will make sense for
> the bank to provide a complete ATM system (sans cash) to each user.

Well, software distribution can be outsourced to AOL. :)

I hate it when people say stuff like this, but: "I'm no hardware
engineer, but it shouldn't be that hard to build something like a
self-contained POS pin-pad about the size of a calculator..." And as I
was snickering while I wrote that, I was trying to enumerate all the
hard parts - things like a tamper-resistant case, software that wasn't
going to be leaking key bits, etc.

> The personal ATM appliance should be difficult to tamper with and should
> accept only a single set of accounts (so that stolen pin numbers are not
> portable)...

The latter will be easy to achieve if you can make inexpensive,
robust, reliable, tamper-resistant, failsafe, user-friendly hardware.
In short, it's 2-factor authentication. Knowing your PIN, and having
your personal ATM appliance.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com