[10397] in cryptography@c2.net mail archive
Re: biometrics
daemon@ATHENA.MIT.EDU (bear)
Tue Feb 5 18:26:11 2002
Date: Tue, 5 Feb 2002 14:47:27 -0800 (PST)
From: bear <bear@sonic.net>
To: Bill Frantz <frantz@pwpconsult.com>
Cc: lynn.wheeler@firstdata.com, <cryptography@wasabisystems.com>
In-Reply-To: <v03110709b87cb2b1859c@[165.247.214.234]>
Message-ID: <Pine.LNX.4.40.0202051439510.8144-100000@newbolt.sonic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 29 Jan 2002, Bill Frantz wrote:
>What would be really nice is to be able to have the same PIN/password for
>everything. With frequent use, forgetting it would be less of a problem,
>as would the temptation to write it down. However, such a system would
>require that the PIN/password be kept secret from the verifier (including
>possibly untrusted hardware/software used to enter it.
You could, I suppose, create an algorithm that takes as inputs
your "single" PIN/password and the name of the entity you're
dealing with, and produces a "daily use" PIN/password for you
to use with that entity.
It wouldn't help much in the daily use arena -- you'd still
have to carry all the daily use PINs around in your head -
but in the scenario where you forget one, it could be used to
recreate it, and it would be a bit more secure than carrying
around the sheet of paper where your 20 PINs are all written
down.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
