Crypto dongles to secure online transactions

Jerry Leichter leichter at
Sun Nov 8 21:41:51 EST 2009

On Nov 8, 2009, at 2:07 AM, John Levine wrote:

> At a meeting a few weeks ago I was talking to a guy from BITS, the
> e-commerce part of the Financial Services Roundtable, about the way
> that malware infected PCs break all banks' fancy multi-password logins
> since no matter how complex the login process, a botted PC can wait
> until you login, then send fake transactions during your legitimate
> session.  This is apparently a big problem in Europe.
> I told him about an approach to use a security dongle that puts the
> display and confirmation outside the range of the malware, and
> although I thought it was fairly obvious, he'd apparently never heard
> it before.

Wow.  *That's* scary.

> When I said I'd been thinking about it for a while, he
> asked if I could write it up so we could discuss it further.
> So before I send it off, if people have a moment could you look at it
> and tell me if I'm missing something egregiously obvious?  Tnx.
> I've made it an entry in my blog at

Technical content is fine, with one comment:  You don't need a big  
keyboard to allow for a secure "user login":  Even a single one will  
do.  You'd have a list of, say, 5 key words that you memorize.  When  
the device turns on, it flashes a set of 10 words across the screen,  
one at a time for 1 second apiece (times/numbers subject to usability  
testing).  Exactly one is from your list of 5; you need to press the  
button while your word is on the screen.  Repeat this process 3 times  
and the chance of guessing the right words is 1 in a thousand.  (Yes,  
someone can watch you using the device, but if it continues to the end  
of the set of 10 even after you press the button, it's a bit of a  
challenge to know which one you picked - and of course they could  
watch you type your password.)

It does need another pass for typos and such - e.g., "to defeat  
attacks that steal credentials and reuse *it* to set up another  
session later".

I think $50 is a very high estimate.  (Lynn Wheeler has described a  
design for a more powerful version of such a device that, as I recall,  
came in well under this figure a couple of years back.)  Note that if  
the bank supplies the device - so that it necessarily knows any secret  
contained in it, and it's designed to be resistant to attempts to  
determine the secrets in it - then you don't need to use public key  
crypto; symmetric algorithms are just fine.  These require very little  
compute power and memory.

Once you assume that the secure endpoints are the device and the bank,  
the connection between the device and the PC is something you don't  
need to worry about.  For somewhat higher cost than USB, you can use  
Bluetooth.  Then the device can be anything.  Look at the iPod shuffle  
and imagine how Apple might build such a thing.  It could easily  
become a fashion accessory - a bank could get a lot of marketing  
mileage out of providing a fob with some famous designer's name on it.
                                                          -- Jerry
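
Added example, not part of the original message: a minimal sketch of the symmetric-key arrangement described above, where the bank and the device share a secret and the PC between them is untrusted. The class names, the JSON message format, the choice of HMAC-SHA256, and the `run` helper are all assumptions made for illustration; the user reading the display and pressing the button is modeled as a comparison against the transaction the user intended.

```python
import hashlib, hmac, json, os

def tag(key, direction, payload):
    # Domain-separate the two directions so a bank tag can't be replayed as a confirmation.
    return hmac.new(key, direction + b"|" + payload, hashlib.sha256).digest()

class Bank:
    def __init__(self, key):
        self.key, self.pending = key, {}

    def challenge(self, payee, cents):
        # Called with whatever transaction the (untrusted) PC submitted.
        nonce = os.urandom(16).hex()
        payload = json.dumps({"payee": payee, "cents": cents, "nonce": nonce},
                             sort_keys=True).encode()
        self.pending[nonce] = payload
        return nonce, payload, tag(self.key, b"bank->device", payload)

    def accept(self, nonce, confirmation):
        payload = self.pending.pop(nonce, None)  # one-shot: no replay
        return payload is not None and hmac.compare_digest(
            confirmation, tag(self.key, b"device->bank", payload))

class Device:
    def __init__(self, key, intended):
        self.key, self.intended = key, intended  # intended = what the user means to pay

    def confirm(self, payload, bank_tag):
        if not hmac.compare_digest(bank_tag, tag(self.key, b"bank->device", payload)):
            return None                      # PC altered the message in transit
        tx = json.loads(payload)
        if (tx["payee"], tx["cents"]) != self.intended:
            return None                      # user reads the display and declines
        return tag(self.key, b"device->bank", payload)

def run(pc_submits, pc_rewrites_display=False, pc_forges=False):
    key = os.urandom(32)                     # provisioned by the bank into the device
    bank, dev = Bank(key), Device(key, ("Alice Rent", 120000))  # constructed sample values
    nonce, payload, t = bank.challenge(*pc_submits)
    if pc_rewrites_display:                  # PC swaps in the payee the user expects
        payload = payload.replace(pc_submits[0].encode(), b"Alice Rent")
    conf = dev.confirm(payload, t)
    if pc_forges:
        conf = os.urandom(32)                # PC substitutes its own confirmation
    return conf is not None and bank.accept(nonce, conf)
```

Only the unmodified transaction that the user actually intended is accepted; a substituted transaction, a rewritten display message, or a made-up confirmation all fail without any public-key operation on the device.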
