[27121] in cryptography@c2.net mail archive


Re: Status of SRP

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Fri Jun 2 21:19:56 2006

X-Original-To: cryptography@metzdowd.com
Date: Fri, 02 Jun 2006 19:09:41 -0600
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: cryptography@metzdowd.com
In-Reply-To: <87d5dt49wq.fsf@mid.deneb.enyo.de>

Florian Weimer wrote:
> If you've deployed two-factor authentication (like German banks did in
> the late 80s/early 90s), the relevant attacks do involve compromised
> customer PCs. 8-( Just because you can't solve it with your technology
> doesn't mean you can pretend the attacks don't happen.

EU finread terminal was countermeasure to (widely held impression that) 
PCs are extremely vulnerable to compromise.

card authentication required pin entry to work ... and finread terminal
had its own PIN-pad distinct from the vulnerable PC keyboard. orientation was
towards transaction authentication ... with the finread terminal also
having its own display of what was being authenticated. the transaction
authentication orientation was countermeasure to session authentication 
orientation where PC compromises could operate within the boundaries of 
any authenticated session.

part of thread in sci.crypt mentioning finread terminal as 
countermeasure to (widely held view of) the ease of PC compromises
http://www.garlic.com/~lynn/2006k.html#46 Keylogger resistance
http://www.garlic.com/~lynn/2006k.html#52 Keylogger resistance

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
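
The contrast drawn in the message above between session authentication and transaction authentication, as an added example that is not part of the original post. The `Terminal` class, the key, the PIN and the transaction fields are constructed for illustration, and an HMAC stands in for whatever signature the card actually produces.

```python
import hashlib
import hmac
import json

CARD_KEY = b"constructed-demo-card-key"  # stand-in for the secret held inside the card
CARD_PIN = "4921"                        # constructed sample PIN

def canonical(txn):
    # Stable byte encoding so the terminal and the bank authenticate the same fields.
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()

class Terminal:
    """Hypothetical external terminal with its own display and PIN pad."""
    def __init__(self):
        self.displayed = None

    def sign(self, txn, pin_from_pinpad):
        self.displayed = dict(txn)  # the user sees exactly what is being authenticated
        if not hmac.compare_digest(pin_from_pinpad, CARD_PIN):
            raise PermissionError("PIN rejected by card")
        return hmac.new(CARD_KEY, canonical(txn), hashlib.sha256).hexdigest()

def bank_accepts_session(session_ok, txn):
    # Session model: anything sent inside an authenticated session is honoured.
    return session_ok

def bank_accepts_transaction(txn, tag):
    # Transaction model: the tag must cover the exact fields being executed.
    expected = hmac.new(CARD_KEY, canonical(txn), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def demo():
    intended = {"payee": "ACME-UTILITIES", "amount": "120.00", "currency": "EUR"}
    altered = dict(intended, payee="UNKNOWN-ACCOUNT")  # changed on the PC after approval
    term = Terminal()
    tag = term.sign(intended, "4921")  # PIN typed on the terminal, not the PC keyboard
    return {
        "session_accepts_altered": bank_accepts_session(True, altered),
        "txn_accepts_intended": bank_accepts_transaction(intended, tag),
        "txn_accepts_altered": bank_accepts_transaction(altered, tag),
        "displayed_payee": term.displayed["payee"],
    }

if __name__ == "__main__":
    print(demo())
```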
