Crypto dongles to secure online transactions

John Levine johnl at iecc.com
Sat Nov 21 16:56:11 EST 2009


>we claimed we do something like two orders magnitude reduction in
>fully-loaded costs by going to no personalization (and other things)
>...

My concern with that would be that if everyone uses the the same
signature scheme and token, the security of the entire industry
becomes dependent on the least competent bank in the country not
leaking the verification secret.

For something like a chip+pin system it is my understanding that the
signature algorithm is in the chip and different chips can use
different secrets and different algorithms, so a breach at one bank
need not compromise all the others.

R's,
John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list