On Sun, Sep 11, 2005 at 10:53:34PM +1200, Peter Gutmann wrote: > The problem with this is that in 99.99% of cases the insecure networked > machine *is* the reader, rendering the smart card pretty much pointless. I've
Pat Farrel spoke about the infrastructure required for smartcards to have at all a point. Inexpensive USB readers with integrated keypad (and LCD display) exist, and are a basic component of such smartcard infrastructure. Unless it's pure snakeoil, by design. > only ever seen a handful of card readers that have keypads and displays, and > none that have succeeded commercially. Everyone just gets the cheap reader- > only devices. USB smarcard readers with displays are not expensive, especially if purchased in quantities. A financial institution would probably recover the costs quite rapidly, if it gave away smartcards and such readers for free to its customers, given the amount of fraud. It is symptomatic that this is not happening, and that e.g. HBCI support hereabouts is very thin. HBCI+smartcard, especially on a non-Redmond system, is nearly impossible to set up. Zero support. (Support in fact discourages use of smartcard). Default for local online banking is PIN/TAN (TANs distributed on dead tree). -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
signature.asc
Description: Digital signature