[Cryptography] Clever physical 2nd-factor authentication
John Ioannidis
ji at tla.org
Wed Apr 2 19:06:04 EDT 2014
On Wed, Apr 2, 2014 at 7:01 AM, Jerry Leichter <leichter at lrw.com> wrote:
> It's a challenge/response style technique with a clever cheap low-tech implementation. Basic idea: The user gets a credit card with a transparent window on which a user-specific mask - a pattern of lines - is pre-printed. The server sends an image that, when viewed through the mask, forms a passcode to be sent back to the server.
>
> I didn't spend enough time exploring the site to get a feel for all the details, or how secure it might actually be. But it's nice to see people coming up with new approaches and doing the necessary engineering work (e.g., the client side software lets you easily adjust the size and position of the image as presented so that it matches the credit card).
>
> http://passwindow.com/
> -- Jerry
>
So they reinvented the one-time pad? Worse than an OTP, really, since
it just masks bits, it doesn't flip them. Collect a few of those
challenges, and you can recreate the original mask, no?
/ji
More information about the cryptography
mailing list