[Beowulf] One time password generators...


James Cownie jcownie at cantab.net
Thu Mar 26 12:23:36 PDT 2009


On 26 Mar 2009, at 13:57, Leif Nixon wrote:

> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-response
> procedure to log in to the Internet banking site - nothing new so far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of the
> transaction data (like the total amount to transfer) into the crypto token.
>
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.
>

But check this analysis of the UK version, which seems to be almost  
exactly as described...

http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf

--
-- Jim
--
James Cownie <jcownie at cantab.net>
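
The transaction-signing idea from the quoted message, as an added example that is not part of the original post and not any bank's actual protocol: a simplified model in which the token's response covers both the bank's challenge and the amount typed on the keypad, so the bank rejects a transfer whose amount was changed on the client PC. The HMAC-SHA256 construction, the 8-digit truncation and the names `token_response`, `Bank` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def token_response(key: bytes, challenge: str, amount: str) -> str:
    """Model of the keypad token: MAC over challenge and amount, 8 digits.

    Assumed construction for illustration; real tokens use their own scheme.
    """
    msg = f"{challenge}|{amount}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Bank:
    """Server side: issues one-time challenges and checks signed amounts."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # challenge -> amount the bank was asked to move

    def start_transfer(self, amount: str) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[challenge] = amount
        return challenge

    def confirm(self, challenge: str, response: str) -> bool:
        amount = self.pending.pop(challenge, None)  # each challenge is single use
        if amount is None:
            return False
        expected = token_response(self.key, challenge, amount)
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(32)  # constructed key shared by token and bank
    bank = Bank(key)
    # Honest case: the bank and the user agree on the amount.
    c = bank.start_transfer("100.00")
    honest = bank.confirm(c, token_response(key, c, "100.00"))
    # Client PC altered the request; the user still keys in the amount they intended.
    c = bank.start_transfer("9000.00")
    tampered = bank.confirm(c, token_response(key, c, "100.00"))
    # A captured response cannot be reused for a second confirmation.
    c = bank.start_transfer("100.00")
    r = token_response(key, c, "100.00")
    first, replay = bank.confirm(c, r), bank.confirm(c, r)
    return honest, tampered, first, replay
```

The check only protects the fields the user actually keys into the token; anything not entered there is outside what the response covers.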

