two-factor authentication problems
Matt Crawford
crawdad at fnal.gov
Sun Mar 6 21:37:56 EST 2005
On Mar 5, 2005, at 11:32, Ed Gerck wrote:
> The worse part, however, is that the server side can always fake your
> authentication using a third-party because the server side can
> always calculate ahead and generate "your next number" for that
> third-party to enter -- the same number that you would get from your
> token. So, if someone breaks into your file using "your" number --
> who is responsible? The server side can always deny foul play.
Huh? The server can always say "response was good" when it wasn't
good. Unless someone reclaims the server from the corrupt operator and
analyzes it, the results are the same.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list