[Cryptography] Clever physical 2nd-factor authentication

Ben Laurie ben at links.org
Thu Apr 3 06:36:49 EDT 2014


On 3 April 2014 00:06, John Ioannidis <ji at tla.org> wrote:
> On Wed, Apr 2, 2014 at 7:01 AM, Jerry Leichter <leichter at lrw.com> wrote:
>> It's a challenge/response style technique with a clever cheap low-tech implementation.  Basic idea:  The user gets a credit card with a transparent window on which a user-specific mask - a pattern of lines - is pre-printed.  The server sends an image that, when viewed through the mask, forms a passcode to be sent back to the server.
>>
>> I didn't spend enough time exploring the site to get a feel for all the details, or how secure it might actually be.  But it's nice to see people coming up with new approaches and doing the necessary engineering work (e.g., the client side software lets you easily adjust the size and position of the image as presented so that it matches the credit card).
>>
>> http://passwindow.com/
>>                                                         -- Jerry
>>
>
>
> So they reinvented the one-time pad? Worse than an OTP, really, since
> it just masks bits, it doesn't flip them. Collect a few of those
> challenges, and you can recreate the original mask, no?

I'm pretty sure you can do this without revealing mask bits in the
challenges. It was used for party invites at the Toronto PETS back in
20mumble.
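
An added example, not part of the original thread and not PassWindow's actual scheme: a generic two-share visual construction (in the style of Naor and Shamir's visual cryptography) in which the card mask and the server's challenge each look like random noise and only their overlay shows the passcode. The glyph, function names and 2-subpixel encoding are assumptions made for illustration.

```python
import secrets

# Constructed 5x3 glyph for the digit "7" (1 = black pixel); sample input only.
SECRET = [[1, 1, 1],
          [0, 0, 1],
          [0, 1, 0],
          [0, 1, 0],
          [0, 1, 0]]

def make_mask(rows, cols):
    """User's card: each pixel is a random subpixel pair, (1,0) or (0,1)."""
    return [[secrets.choice([(1, 0), (0, 1)]) for _ in range(cols)]
            for _ in range(rows)]

def make_challenge(mask, secret):
    """Server's image: copy the mask pair for white, complement it for black."""
    return [[(1 - a, 1 - b) if s else (a, b)
             for (a, b), s in zip(mrow, srow)]
            for mrow, srow in zip(mask, secret)]

def overlay(mask, challenge):
    """Stacking transparencies is a per-subpixel OR; a fully black pair reads as black."""
    return [[int((a | c) and (b | d))
             for (a, b), (c, d) in zip(mrow, crow)]
            for mrow, crow in zip(mask, challenge)]

def challenges_differ(ch1, ch2):
    """Pixels where two challenges made for the SAME mask differ."""
    return [[int(p != q) for p, q in zip(r1, r2)] for r1, r2 in zip(ch1, ch2)]

def left_subpixel_rate(secret_bit, trials=20000):
    """How often the challenge's left subpixel is black when the mask is fresh."""
    hits = 0
    for _ in range(trials):
        mask = make_mask(1, 1)
        hits += make_challenge(mask, [[secret_bit]])[0][0][0]
    return hits / trials

if __name__ == "__main__":
    mask = make_mask(5, 3)
    ch = make_challenge(mask, SECRET)
    for row in overlay(mask, ch):
        print("".join("#" if p else "." for p in row))
    # Both rates come out close to 0.5: one challenge alone is noise.
    print(left_subpixel_rate(0), left_subpixel_rate(1))
```

With a fresh mask the challenge's subpixels are uniformly random whatever the secret pixel is. `challenges_differ` shows the limit of this construction: two challenges issued against the same mask differ exactly where their secrets differ.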

