Message-ID: <42F52048.7000401@key2it.com.au>
Date: Sat Aug 6 07:40:58 2005
From: lyal.collins at key2it.com.au (root)
Subject: Defeating Citi-Bank Virtual Keyboard Protection
Aditya Deshmukh wrote:
>The only most secure protection is a one time password with a challenge /
>response scheme. Most of the banks in Europe already do this.
>
>They give out a calculator like device to the customers and when you want to
>login you are presented with a challenge that you punch into your device
>which spits a response that you enter into the form....
>
>Costly for the bank but very effective security for the customer and bank in
>terms of gain in security and decrease in losses due to fraud ....
>
>
>- Aditya
Respectfully, I disagree.
Although I never attended, this year's IT Underground conference in
Poland promised a hands-on session breaking OTP tokens. As Schneier
says, OTP token devices merely force a tactical shift by the attacker, not
a permanent fix.
The credit card industry's 'fixes' have only been effective for weeks to
months over the past decade, so I don't consider OTPs will make much
difference relative to the cost in the mid-long term.
Lyal
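
The challenge/response login described in the quoted message, sketched as an added example that is not part of the original thread: the bank issues a fresh challenge, the handheld device turns it into a short response, and the bank accepts that response once and only within a time window. The names `token_response` and `Bank`, the HMAC-SHA256 construction, the 8-digit challenge and the 60-second window are assumptions for illustration; real tokens use their vendors' own algorithms.

```python
import hashlib
import hmac
import secrets
import struct
import time


def token_response(key: bytes, challenge: str, digits: int = 6) -> str:
    """What the handheld device computes from the challenge the user keys in."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Bank:
    """Server side: issues a fresh challenge per login and checks the response."""

    def __init__(self, keys: dict, ttl: float = 60.0):
        self.keys = keys      # user -> secret shared with that user's device
        self.ttl = ttl        # seconds a challenge stays valid (assumed value)
        self.pending = {}     # user -> (challenge, issued_at)

    def issue_challenge(self, user: str, now: float = None) -> str:
        now = time.time() if now is None else now
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self.pending[user] = (challenge, now)
        return challenge

    def verify(self, user: str, response: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        # Consume the challenge on every attempt so a response is single-use.
        entry = self.pending.pop(user, None)
        if entry is None or user not in self.keys:
            return False
        challenge, issued_at = entry
        if now - issued_at > self.ttl:
            return False
        expected = token_response(self.keys[user], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    bank = Bank({"alice": b"constructed-demo-key"})  # constructed sample key
    c = bank.issue_challenge("alice")
    r = token_response(b"constructed-demo-key", c)
    print(c, r, bank.verify("alice", r), bank.verify("alice", r))
```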