[Beowulf] One time password generators...

James Cownie jcownie at cantab.net
Thu Mar 26 15:23:36 EDT 2009


On 26 Mar 2009, at 13:57, Leif Nixon wrote:

> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-response
> procedure to log in to the Internet banking site - nothing new so far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of the
> transaction data (like the total amount to transfer) into the crypto token.
>
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.

But check this analysis of the UK version, which seems to be almost
exactly as described...

http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf

--
-- Jim
--
James Cownie <jcownie at cantab.net>
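
A minimal sketch of the transaction-signing idea described in the quoted message, added here as an example and not taken from the post, the linked paper, or any bank's system. HMAC-SHA256, the 8-digit code length, and the names `token_response` and `bank_verify` are assumptions made for illustration.

```python
import hashlib
import hmac

DIGITS = 8  # assumed length of the code shown on the token display


def token_response(key: bytes, challenge: str, amount: str = "") -> str:
    """Code a hypothetical token shows for the values typed on its keypad."""
    fields = (challenge.encode(), amount.encode())
    # Length-prefix each field so ("12", "3") and ("1", "23") differ.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def bank_verify(key: bytes, challenge: str, amount: str, response: str) -> bool:
    """Bank side: recompute over the amount it is about to execute."""
    expected = token_response(key, challenge, amount)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = bytes(range(32))      # constructed sample key
    challenge = "48213097"      # constructed sample challenge
    # The user reads the amount they intend and keys it into the token.
    response = token_response(key, challenge, "150.00")
    # A login-only code is computed without any transaction data.
    login_code = token_response(key, challenge)
    return {
        "honest": bank_verify(key, challenge, "150.00", response),
        "amount_changed_by_pc": bank_verify(key, challenge, "9500.00", response),
        "login_code_reused": bank_verify(key, challenge, "150.00", login_code),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The binding covers only the fields the user actually keys into the token; anything the bank executes that was not part of the MAC input is not protected by the code.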


