Creativity and security
J. Bruce Fields
bfields at fieldses.org
Fri Mar 24 16:37:39 EST 2006
On Fri, Mar 24, 2006 at 06:47:07PM -0000, Dave Korn wrote:
> J. Bruce Fields wrote:
> > If all that information's printed on the outside of the card, then
> > isn't this battle kind of lost the moment you hand the card to them?
>
> 1- I don't hand it to them. I put it in the chip-and-pin card reader
> myself.
Oh, right, sorry, I missed that.
> In any case, even if I hand it to a cashier, it is within my sight
> at all times.
>
> 2- If it was really that easy to memorize a name and the equivalent of a
> 23-digit number at a glance without having to write anything down, surely
> the credit card companies wouldn't need to issue cards in the first place?
Well, obviously there's some gap between what you need to make use of
the card convenient, and what you'd need if you were an attacker willing
to spend some minimum of effort.
> IOW, unless we're talking about a corrupt employee with a photographic
> memory and telescopic eyes,
Tiny cameras are pretty cheap these days, aren't they? The employee
would be taking more of a risk at that point though, I guess.
--b.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list