Patrick,

> But the way Pecunix displays the PIKs makes it difficult if not
> impossible to copy and paste them.  So maybe Pecunix could also display
> each PIK in pure text in a form somewhat like George suggests:
>
> 1-a 2-4 3-T 4-u 5-X 6-b 7-Q 8-N 9-e 10-j 11-Y 12-u 13-A 14-m 15-9 16-h

Absolutely!


> Right now a Pecunix PIK uses the digits 2-9 and the upper and lower
> case alphabet except for India, Lima, Oscar.  That's 8+23+23 = 54
> characters.  Now, ignoring for a moment the fact that a PIK does not
> contain repeated characters, that's roughly O(54^16) possible PIKs, or
> about O(10^27).  Your scheme would have exactly 10^16 possible PIKs
> because you would obviously have to allow repeated digits.

It is also possible to increase the number of elements in the PIK to all 26
letters of the English alphabet. This would give a total number of combinations of 10^26.

However, after some thought, I consider that the classic system with user
name, password and Turing number is easier to use and, also, the current
system is not more secure. Of course, the user name and password (one for
each access level) should be generated by the system, randomly, 20
characters long (just small letters and digits). The user would be
instructed to keep the user name and all three passwords private. The user
would also be instructed to keep them in an encrypted file, and to copy and
paste them into the log-in form. The method is both easy and secure. Of
course, as you say, it seems most people prefer to print them and that
would make it impossible for this method to work since it would require
users to type long random strings.


> But if you did this, you might want to list the letter "prompts" in
> alphabetical order to make it easier for users to search for the
> associated digit

:), the thing with the alphabetical order has been a real mystery to me for a
very long time. I mean, what the heck is "alphabetical order"? Some idiot
thought vowels and consonants should be mixed and give the so-called
"alphabetical order"! What a silly thing! I have an artificial language on
the workbench, and the letters I wrote are put like that because of the way
they sound: the stronger a letter is, and the more it differs from the others, the
more important it is (and gets a better place). The letters should be:
"tmbcrvzgjpdhnlfsaoieu", but this is only for languages that "read as
written" (like Romanian and Russian, and most of Latin).


> She understood it immediately, and instructed me to tell the
> list that if she can do it, anyone can.

Yes, but she had someone show her how to do it...



Robert,

> RoboForm

Yes, I've heard of it, though never used it. I don't like to leave my
passwords in the hands of programs which can send them through the HTTP
protocol (avoiding firewalls) to somebody. Opera has integrated such a
module (to fill in passwords).



Viking,

> Regardless, *any* sign of "Please click/copy the following link
> immediately" in an official-looking email is a serious security breach.

The first thing to do is to inform users of such behavior right after they
create an account. It is better to put this comment than to let
scammers send HTML emails with hidden URLs. Users should also be informed
what the links will look like, for example that they never include characters like
@ and %.



Sidd,

> Evidence suggests otherwise George :)

I was referring to beginners in computers. When I saw the log-in form I was
puzzled for a few (tens of) seconds (and I'm no beginner).


> As Patrick pointed out, the idea is to print them

I never print private information. I keep it in encrypted files. The
existing password is too short; a maximum of 5 characters (plus the 4 from the
system) is not enough.


> Pecunix will be modified to have only one PIK per account, but 3 different
> secret passwords...

This is much better, but you should allow longer passwords. For E-gold, my
password is formed from about 30 random characters.


> If I wish to give my bookkeeper access to the read-only level

I was thinking about the same issue.


I didn't find the registration process to be a problem, just the PIK saving
and log-in form.


Two more things in the user agreement from Pecunix:

1. At some point it is stated that the minimum amount which can be spent is
"0.0001 grams". Everywhere else it is specified "grams *of fine gold*".
2. At some point there is something about "acts of God". I don't think
anyone could prove such acts in a court of law :)


Thank you for the bounty, I got it. Pretty nifty this "send money to an
email" method.

Oh, and maybe you can find a good anti-key-logger program and put a link to
it on the download page. Even if the PIKs are safe (for being images), the
passwords are not. I was thinking of something else: isn't there any way to
check using the browser (basically, your log-in page should do this) if
there is any program (the key-logger) hooked to the keyboard handler, or a
text screen harvester? If it is possible, the log-in form could tell users
there is a security breach.


George Hara
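The thread above compares several credential schemes by counting combinations (a 54-symbol PIK of 16 positions, a digits-only PIK, a 26-letter PIK, and the proposed 20-character lowercase+digit credentials). The following Python is an added example, not code from the list post or from Pecunix: it puts those counts side by side in bits, handling the no-repeated-symbols rule of a Pecunix PIK as a permutation count, and generates a credential of the kind George proposes from the OS CSPRNG. The alphabets are constructed from the descriptions in the thread.

```python
import math
import secrets
import string

# Pecunix PIK alphabet as described in the thread: digits 2-9 plus the
# upper- and lower-case alphabet without I, L, O (8 + 23 + 23 = 54 symbols).
PIK_ALPHABET = (
    "23456789"
    + "".join(c for c in string.ascii_uppercase if c not in "ILO")
    + "".join(c for c in string.ascii_lowercase if c not in "ilo")
)
# Alphabet for the proposed system-generated credentials: small letters and digits.
CRED_ALPHABET = string.ascii_lowercase + string.digits


def scheme_bits(alphabet_size: int, length: int, repeats_allowed: bool = True) -> float:
    """Entropy in bits of a uniformly random string of `length` symbols.

    When repeats are forbidden (as in a Pecunix PIK), the number of possible
    strings is the number of length-permutations, n! / (n - length)!.
    """
    if repeats_allowed:
        count = alphabet_size ** length
    else:
        if length > alphabet_size:
            raise ValueError("cannot draw more distinct symbols than the alphabet holds")
        count = math.perm(alphabet_size, length)
    return math.log2(count)


def generate_credential(length: int = 20, alphabet: str = CRED_ALPHABET) -> str:
    """Generate a credential the way the post suggests: uniformly random
    lowercase letters and digits drawn from the OS CSPRNG (secrets module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_schemes() -> dict:
    """Bits of entropy for each scheme mentioned in the thread."""
    return {
        "pik_54_symbols_no_repeat": scheme_bits(len(PIK_ALPHABET), 16, repeats_allowed=False),
        "pik_54_symbols_with_repeat": scheme_bits(len(PIK_ALPHABET), 16),
        "pik_digits_only": scheme_bits(10, 16),
        "pik_26_letters": scheme_bits(26, 16),
        "credential_20_lower_digit": scheme_bits(len(CRED_ALPHABET), 20),
    }


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        print(f"{name:32s} {bits:6.1f} bits")
    print("sample credential:", generate_credential())
```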





---
You are currently subscribed to e-gold-list as: [EMAIL PROTECTED]