On Mar 5, 2005, at 11:32, Ed Gerck wrote:
The worse part, however, is that the server side can always fake your authentication using a third-party because the server side can always calculate ahead and generate "your next number" for that third-party to enter -- the same number that you would get from your token. So, if someone breaks into your file using "your" number -- who is responsible? The server side can always deny foul play.
Huh? The server can always say "response was good" when it wasn't good. Unless someone reclaims the server from the corrupt operator and analyzes it, the results are the same.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
