two-factor authentication problems

Gabriel Haythornthwaite gabriel at castelain.com.au
Sun Mar 6 23:51:07 EST 2005


You're quite correct Matt,

Which is why IMHO you can only really get true "non-repudiation" through use
of PKI.  And more specifically:
- where the key pair was generated by the end-user, and
- where the server has stored a copy of the transaction - digitally signed
by the end user - which it can reproduce in court.  

In this case, a corrupt operator could not have faked the transaction even
if they had wanted to. 

RSA SecurID and OATH technology have some great virtues:
- they cost nothing to integrate at the client end - there is no client
"footprint" so there's nothing to go wrong
- they are relatively easy to understand and use
- they're unquestionably better than reliance on user IDs and passwords.

What they won't do is:
- provide non-repudiation
- defend against man-in-the-middle attacks, or
- provide a robust defence against phishing scams

And for these reasons I suspect their days are numbered.

All the best,


Gabriel Haythornthwaite
gabriel at castelain.com.au
Phone: +61 412 544 632
Fax: +61 2 9798 3935
www.castelain.com.au



> -----Original Message-----
> From: owner-cryptography at metzdowd.com 
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Matt Crawford
> Sent: Monday, 7 March 2005 1:38 PM
> To: Ed Gerck
> Cc: cryptography at metzdowd.com
> Subject: Re: two-factor authentication problems
> 
> 
> 
> On Mar 5, 2005, at 11:32, Ed Gerck wrote:
> 
> > The worse part, however, is that the server side can always fake your
> > authentication using a third-party because the server side can always
> > calculate ahead and generate "your next number" for that third-party
> > to enter -- the same number that you would get from your token. So, if
> > someone breaks into your file using "your" number -- who is
> > responsible? The server side can always deny foul play.
> 
> Huh?  The server can always say "response was good" when it wasn't
> good.  Unless someone reclaims the server from the corrupt operator and
> analyzes it, the results are the same.
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to 
> majordomo at metzdowd.com
> 


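The two claims in this thread (a shared-secret token lets the server operator compute "your next number", while a user-held signing key does not) can be checked directly. The Go program below is an added illustration, not code from any poster or from RSA or OATH: it implements the OATH event-based HOTP algorithm (RFC 4226, HMAC-SHA1, 6 digits) as a stand-in for the token, then contrasts it with an ECDSA-signed transaction. The secret "12345678901234567890" is the RFC 4226 test-vector secret, the `OTPServer`, `OperatorMintsCode`, `SignTransaction` and `VerifyTransaction` names are mine, and the transaction text is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// HOTP computes an RFC 4226 one-time code (HMAC-SHA1, 6 digits) from a
// shared secret and an 8-byte big-endian event counter. Token and server
// hold the same secret, so either side can compute the code for any counter.
func HOTP(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	hs := mac.Sum(nil)
	// Dynamic truncation: low nibble of the last byte selects a 4-byte window.
	offset := hs[len(hs)-1] & 0x0f
	bin := (uint32(hs[offset])&0x7f)<<24 |
		uint32(hs[offset+1])<<16 |
		uint32(hs[offset+2])<<8 |
		uint32(hs[offset+3])
	return fmt.Sprintf("%06d", bin%1000000)
}

// OTPServer is the verifying side of a shared-secret token scheme
// (hypothetical, simplified: no look-ahead window or throttling).
type OTPServer struct {
	secret  []byte
	counter uint64
}

// Verify accepts a code if it equals the code for the next expected counter.
func (s *OTPServer) Verify(code string) bool {
	if hmac.Equal([]byte(code), []byte(HOTP(s.secret, s.counter))) {
		s.counter++
		return true
	}
	return false
}

// OperatorMintsCode is what a corrupt operator can do with the stored secret:
// produce the user's next code without ever touching the user's token. The
// audit log afterwards looks identical to a genuine login.
func (s *OTPServer) OperatorMintsCode() string {
	return HOTP(s.secret, s.counter)
}

// GenerateUserKey models the key pair being generated on the user's side;
// the private half never reaches the server.
func GenerateUserKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignTransaction is the user's act: an ECDSA signature over SHA-256(tx).
func SignTransaction(priv *ecdsa.PrivateKey, tx []byte) ([]byte, error) {
	h := sha256.Sum256(tx)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyTransaction is all the server needs to keep: transaction bytes,
// signature and the user's public key. It can check the signature, and show
// it to a third party later, but it cannot produce one itself.
func VerifyTransaction(pub *ecdsa.PublicKey, tx, sig []byte) bool {
	h := sha256.Sum256(tx)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	srv := &OTPServer{secret: []byte("12345678901234567890")} // RFC 4226 test secret
	forged := srv.OperatorMintsCode()
	fmt.Printf("operator-minted HOTP %s accepted: %v\n", forged, srv.Verify(forged))

	user, _ := GenerateUserKey()
	operator, _ := GenerateUserKey() // operator's own key, not the user's
	tx := []byte("constructed: transfer 100 from acct A to acct B") // constructed sample
	sig, _ := SignTransaction(user, tx)
	bad, _ := SignTransaction(operator, tx)
	fmt.Println("user signature verifies:    ", VerifyTransaction(&user.PublicKey, tx, sig))
	fmt.Println("operator signature verifies:", VerifyTransaction(&user.PublicKey, tx, bad))
}
```

The first half reproduces Ed Gerck's point mechanically: `Verify` and `OperatorMintsCode` read the same secret, so nothing the server records distinguishes an operator-minted code from a token-generated one. In the second half the server can only store and verify; a signature made with any key other than the user's fails, which is the property Gabriel is calling non-repudiation (subject, of course, to the private key actually staying with the user).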


