we claimed we do something like two orders of magnitude reduction in
fully-loaded costs by going to no personalization (and other things)
...
My concern with that would be that if everyone uses the same
signature scheme and token, the security of the entire industry
becomes dependent on the
On Nov 18, 2009, at 6:16 PM, Anne Lynn Wheeler wrote:
... we could moved to a person-centric paradigm ... where a person
could use the same token for potentially all their interactions ...
we claimed we do something like two orders of magnitude reduction in
fully-loaded costs by going to no
On 11/21/2009 04:56 PM, John Levine wrote:
we claimed we do something like two orders of magnitude reduction in
fully-loaded costs by going to no personalization (and other things)
...
My concern with that would be that if everyone uses the same
signature scheme and token, the security of the
On 11/21/2009 05:56 PM, Jerry Leichter wrote:
On Nov 18, 2009, at 6:16 PM, Anne Lynn Wheeler wrote:
... we could moved to a person-centric paradigm ... where a person
could use the same token for potentially all their interactions ...
we claimed we do something like two orders of magnitude
leich...@lrw.com (Jerry Leichter) on Saturday, November 21, 2009 wrote:
It's no big deal to read these cards,
and from many times the inch or so that the standard readers require.
So surely someone has built a portable reader for counterfeiting the cards
they read in restaurants near big
On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:
leich...@lrw.com (Jerry Leichter) on Saturday, November 21, 2009
wrote:
It's no big deal to read these cards,
and from many times the inch or so that the standard readers require.
So surely someone has built a portable reader for
On Fri, 20 Nov 2009, Peter Gutmann wrote:
There's been a near-neverending debate about who should be responsible for
improving online banking security measures: the users, the banks, the
government, the OS vendor, ... . Here's an interesting perspective from Peter
Benson
The FINREAD smart card reader was a European run at moving trust-bearing
transactions to an outboard device. It was a full Java VM in a
tamper-resistant box with a modest GUI, biometrics, lots of security on the
I/O ports and much attention to application isolation. FINREAD readers were
produced
On Fri, 2009-11-20 at 20:13 +1300, Peter Gutmann wrote:
Because (apart from the reasons given above) with business use specifically
you run into insurmountable PC - device communications problems. Many
companies who handle large financial transactions are also ones who, due to
concern over
Peter Gutmann wrote:
external data from finding its way onto their corporate networks (they are
really, *really* concerned about this). If you wanted this to work, you'd
need to build a device with a small CMOS video sensor to read data from the
browser via QR codes and return little more than
Begin forwarded message:
From: Radu Sion s...@cs.sunysb.edu
Date: November 23, 2009 8:42:06 AM GMT-04:00
To: fc-annou...@ifca.ai
Subject: [fc-announce] FC 2010: Call for Posters. Accepted Papers.
Financial Cryptography and Data Security
Tenerife, Canary Islands, Spain
25-28 January 2010
Hi list...hope there are some Java developers out there and that this is not
too off topic for this list's charter.
Does anyone know the *proper* (and portable) way to check if a Java VM is
using the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
Policy files (e.g., for JDK 6,
On Wed, Nov 11, 2009 at 10:57:04AM -0500, Jonathan Katz wrote:
Anyone care to give a layman's explanation of the attack? The
explanations I have seen assume a detailed knowledge of the way TLS/SSL
handle re-negotiation, which is not something that is easy to come by
without reading the RFC.
FWIW, my implementation of this for OWASP ESAPI is at:
http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/test/java/org/owasp/esapi/reference/CryptoPolicy.java
The main() is there just for stand-alone testing. From the ESAPI JUnit tests,
I call:
if ( keySize 128
On 11/21/2009 06:31 PM, Jerry Leichter wrote:
Well, my building card is plain white. If anyone duplicated it, there'd be nothing
stopping them from going in. But then the actual security offered by those cards - and
the building controls - is more for show (and I suppose to keep the riffraff