[Beowulf] One time password generators...
jcownie at cantab.net
Thu Mar 26 12:23:36 PDT 2009
On 26 Mar 2009, at 13:57, Leif Nixon wrote:
> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-
> procedure to log in to the Internet banking site - nothing new so
> far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of
> transaction data (like the total amount to transfer) into the crypto
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.
But check this analysis of the UK version, which seems to be almost
exactly as described...
James Cownie <jcownie at cantab.net>
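
Added example, not part of the original thread and not any bank's actual algorithm: a sketch of the transaction signing described in the quoted message, where the amount keyed into the token is bound into the response, so a compromised PC that alters the amount sent to the bank invalidates it. The HMAC-SHA256 construction, 8-digit response, key and challenge values are all assumptions made for illustration.

```python
import hashlib
import hmac

DIGITS = 8  # assumed length of the code shown on the token display


def token_response(key: bytes, challenge: str, amount: str = "") -> str:
    """Code the token displays after the user keys in the challenge and,
    for transaction signing, the amount. Hypothetical construction."""
    msg = f"{challenge}|{amount}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def bank_verify(key: bytes, challenge: str, amount_received: str,
                response: str, bind_amount: bool = True) -> bool:
    """Bank recomputes the code over the data it actually received.
    bind_amount=False models a login-style check that ignores the amount."""
    amount = amount_received if bind_amount else ""
    expected = token_response(key, challenge, amount)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    challenge = "493027"                                     # constructed challenge
    intended, altered = "150.00", "9150.00"  # amount typed vs amount the PC submits

    # User types challenge and the amount they intend into the token keypad.
    signed = token_response(key, challenge, intended)
    # Same token used without entering the amount (challenge only).
    unsigned = token_response(key, challenge)

    return {
        "honest": bank_verify(key, challenge, intended, signed),
        "tampered": bank_verify(key, challenge, altered, signed),
        "unbound_tampered": bank_verify(key, challenge, altered, unsigned,
                                        bind_amount=False),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The third case shows what the amount entry adds: a response computed over the challenge alone still verifies after the amount has been changed in transit.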