[Cryptography] Clever physical 2nd-factor authentication
Jonathan Thornburg
jthorn at astro.indiana.edu
Thu Apr 3 14:07:09 EDT 2014
This seems like a variant on the Cardano grille
https://en.wikipedia.org/wiki/Grille_%28cryptography%29
It also resembles a generalization of a scheme I've seen used by some
UK banks: the customer has an N-digit PIN, and on any given transaction
she is asked for some proper subset of those digits.
In each case, replaying a single captured transaction should fail, but
an attacker who can observe or actively attack multiple transactions
can easily break the system.
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
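
The claim about the partial-PIN scheme can be quantified. The following is an added example, not part of the original post: it computes exactly how likely a passive observer is to answer a fresh challenge after watching k transactions. It assumes each challenge asks for a uniformly random set of m positions out of an N-digit PIN; that model, the function names and the 3-of-6 parameters are illustrative assumptions.

```python
from fractions import Fraction
from math import comb


def known_distribution(n, m, k):
    """Exact distribution of how many of the n PIN positions an observer
    has seen after k transactions, each revealing m random positions."""
    total = comb(n, m)
    dist = {0: Fraction(1)}
    for _ in range(k):
        nxt = {}
        for j, p in dist.items():
            # Hypergeometric step: 'new' of the m asked positions are unseen.
            for new in range(min(m, n - j) + 1):
                ways = comb(n - j, new) * comb(j, m - new)
                if ways:
                    nxt[j + new] = nxt.get(j + new, Fraction(0)) + p * Fraction(ways, total)
        dist = nxt
    return dist


def p_answer_fresh_challenge(n, m, k):
    """Probability that a fresh challenge asks only for positions already
    seen in k observed transactions (no guessing of unseen digits)."""
    total = comb(n, m)
    return sum(p * Fraction(comb(j, m), total)
               for j, p in known_distribution(n, m, k).items())


def observations_needed(n, m, target):
    """Smallest k at which the observer's success probability reaches target."""
    k = 0
    while p_answer_fresh_challenge(n, m, k) < target:
        k += 1
    return k


if __name__ == "__main__":
    N, M = 6, 3  # constructed parameters: 3 digits asked from a 6-digit PIN
    for k in range(0, 9):
        p = p_answer_fresh_challenge(N, M, k)
        print(f"observed {k} transactions -> success on next challenge: {float(p):.4f}")
```

With k = 1 the result is the single-capture replay case: it works only when the same positions are asked again, which is why rate-limiting failed attempts and not re-rolling the challenge after a failure matter for schemes of this kind.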