Re: two-factor authentication problems

Anne & Lynn Wheeler Sun, 13 Mar 2005 11:18:17 -0800

Gabriel Haythornthwaite wrote:

You're quite correct Matt,
Which is why IMHO you can only really get true "non-repudiation" through use of PKI. And more specifically: - where the key pair was generated by the end-user, and - where the server has stored a copy of the transaction - digitally signed by the end user - which it can reproduce in court.

In this case, a corrupt operator could not have faked the transaction even if they had wanted to.
RSA SecureID and OATH technology have some great virtues:
- they cost nothing to integrate at the client end - there is no client
"footprint" so there's nothing to go wrong
- they are relatively easy to understand and use
- they're unquestionably better than reliance on user IDs and passwords.
What they won't do is:
- provide non-repudiation
- defend against man-in-the-middle attacks, or
- provide a robust defence against phishing scams
And for these reasons I suspect their days are numbered.

in general, non-repudiation is a legal term and is associated with a legal signature ... which implies a person has read, understands, agreed, approves, and/or authorizes what is being signed.

a digital signature is somewhat of a semantic misnomer since by itself, it carries none of the characteristics commonly associated with a legal signature.

a digital signature, by itself, implies that some entity has accessed and used a specific private key. there is nothing in the standard, basic PKI infrastructure that either

1) implies that anything associated with any form of 3-factor authentication was necessary in the access and use of a private key (in the generation of a digital signature)

2) that there was any demonstration that there was any reading, understanding, agreement, approval, and/or authorization associated with the access and/or use of a private key (in the generation of a digital signature).

part of this i pointed out in a number of postings on dual-use digital signature attack ... where the scenario is that digital signature is being used to imply simple authentication aka possibly some flavor of a challenge was transmitted, the receiving entity then used a private key to digitally sign the challenge and return the digital signature (there is a extremely vague implicit assumption that any component of 3factor authentication was used in access and use of the private key ... with the existance of a digital signature hopefully implying that some component of 3factor authentication actually occured in the access and use of the private key).

issues are

a) frequently challenge type protocols don't bother to present (the possibly totally random) bits (being signed) to the entity (that is assumed to be associated with the digital signature).

b) frequently infrastructures that attempt to equate legal signature and digital signature ... will accept the existance of a digital signature applied to some number of bits as representing that the associated entity actually read, understood, approved, agrees, and/or authorizes the semantic meaning associated with the bits that were signed ... w/o requiring either 1) some demonstration/proof that 3factor authentication was used in the access and use of the private key for the digital signature and/or 2) that the meaning of what was digital signed had actually been read, understood, approved, agreed and/or authorized

in the dual-use attack, bits that might have semantic meaning are presented as random and/or meaningless as part of an authentication challenge/response protoocol. The attacker then takes and represents that the challenge bits that were signed ... were actually signed in the sense of a legal signature.

as a totally extraneous observation ... the discussion up to this point has been totally agnostic with regard to whether an infrastructure attempting to show some relationship between a digital signature and a legal signature involves PKI in anyway what so ever and/or is totally certificateless with regard to establishing a relationship between an entity and what might be assumed from the existance of a digital signature.

past posts regarding 3-factor authentication
http://www.garlic.com/~lynn/subpubkey.html#3factor

EU finread standard attempting to address some of the issues regarding providing some level of assurance about 1) any characteristic of 3factor authentication actually occuring when the private key was accessed and used for a digital signature and 2) the entity might have actually read and approves the transaction http://www.garlic.com/~lynn/subpubkey.html#finread

past posts on dual-use vulnerability http://www.garlic.com/~lynn/aadsm17.htm#55 Using crypto against Phishing, Spoofing and Spamming http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#0 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#4 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#6 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#12 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#13 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#17 should you trust CAs? (Re: dual-use digital signature vulnerability) http://www.garlic.com/~lynn/aadsm18.htm#32 EMV cards as identity cards http://www.garlic.com/~lynn/aadsm18.htm#35 Credit card leaks continue at a furious pace http://www.garlic.com/~lynn/2004h.html#51 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004h.html#58 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004i.html#24 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004m.html#4 REVIEW: "Biometrics for Network Security", Paul Reid http://www.garlic.com/~lynn/2005.html#14 Using smart cards for signing and authorization in applets http://www.garlic.com/~lynn/2005b.html#56 [Lit.] Buffer overruns http://www.garlic.com/~lynn/2005c.html#51 [Lit.] Buffer overruns

past posts on non-repudiation ... and possibly some characteristics that might be required to demonstrate a person has read, understood, approved, agrees, and/or authorized what was digitally signed: http://www.garlic.com/~lynn/aepay7.htm#nonrep0 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep1 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep2 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep4 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep5 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#nonrep6 non-repudiation, was Re: crypto flaw in secure mail standards http://www.garlic.com/~lynn/aepay7.htm#3dsecure 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure http://www.garlic.com/~lynn/aepay10.htm#72 Invisible Ink, E-signatures slow to broadly catch on http://www.garlic.com/~lynn/aepay10.htm#76 Invisible Ink, E-signatures slow to broadly catch on (addenda) http://www.garlic.com/~lynn/aepay11.htm#22 FBI Probing Theft of 8 Million Credit Card Numbers http://www.garlic.com/~lynn/aepay11.htm#53 Authentication white paper http://www.garlic.com/~lynn/aepay11.htm#55 FINREAD ... and as an aside http://www.garlic.com/~lynn/aepay11.htm#56 FINREAD was. Authentication white paper http://www.garlic.com/~lynn/aepay11.htm#66 Confusing Authentication and Identiification? http://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures http://www.garlic.com/~lynn/aadsm5.htm#shock2 revised Shocking Truth about Digital Signatures http://www.garlic.com/~lynn/aadsm5.htm#ocrp Online Certificate Revocation Protocol http://www.garlic.com/~lynn/aadsm5.htm#spki2 Simple PKI http://www.garlic.com/~lynn/aadsm6.htm#nonreput Sender and receiver non-repudiation http://www.garlic.com/~lynn/aadsm6.htm#nonreput2 Sender and receiver non-repudiation http://www.garlic.com/~lynn/aadsm6.htm#terror7 [FYI] Did Encryption Empower These Terrorists? http://www.garlic.com/~lynn/aadsm6.htm#terror10 [FYI] Did Encryption Empower These Terrorists? http://www.garlic.com/~lynn/aadsm7.htm#pcards4 FW: The end of P-Cards? http://www.garlic.com/~lynn/aadsm7.htm#cryptofree Erst-Freedom: Sic Semper Political Cryptography http://www.garlic.com/~lynn/aadsm7.htm#rubberhose Rubber hose attack http://www.garlic.com/~lynn/aadsm8.htm#softpki8 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki9 Software for PKI http://www.garlic.com/~lynn/aadsm9.htm#softpki23 Software for PKI http://www.garlic.com/~lynn/aadsm9.htm#carnivore Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern" http://www.garlic.com/~lynn/aadsm9.htm#pkcs12b A PKI Question: PKCS11-> PKCS12 http://www.garlic.com/~lynn/aadsm10.htm#cfppki13 CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm10.htm#cfppki15 CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm10.htm#cfppki18 CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm10.htm#paiin PAIIN security glossary & taxonomy http://www.garlic.com/~lynn/aadsm10.htm#tamper Limitations of limitations on RE/tampering (was: Re: biometrics) http://www.garlic.com/~lynn/aadsm10.htm#bio3 biometrics (addenda) http://www.garlic.com/~lynn/aadsm10.htm#bio7 biometrics http://www.garlic.com/~lynn/aadsm10.htm#keygen2 Welome to the Internet, here's your private key http://www.garlic.com/~lynn/aadsm11.htm#5 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#6 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#7 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#8 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#9 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#11 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#12 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#13 Words, Books, and Key Usage http://www.garlic.com/~lynn/aadsm11.htm#14 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm11.htm#15 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm12.htm#5 NEWS: 3D-Secure and Passport http://www.garlic.com/~lynn/aadsm12.htm#12 TOC for world bank e-security paper http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM] http://www.garlic.com/~lynn/aadsm12.htm#30 Employee Certificates - Security Issues http://www.garlic.com/~lynn/aadsm12.htm#37 Legal entities who sign http://www.garlic.com/~lynn/aadsm12.htm#38 Legal entities who sign http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication http://www.garlic.com/~lynn/aadsm12.htm#59 e-Government uses "Authority-stamp-signatures" http://www.garlic.com/~lynn/aadsm12.htm#64 Invisible Ink, E-signatures slow to broadly catch on (addenda) http://www.garlic.com/~lynn/aadsm13.htm#20 surrogate/agent addenda (long) http://www.garlic.com/~lynn/aadsm14.htm#20 Payments as an answer to spam (addenda) http://www.garlic.com/~lynn/aadsm14.htm#23 Maybe It's Snake Oil All the Way Down http://www.garlic.com/~lynn/aadsm14.htm#39 An attack on paypal http://www.garlic.com/~lynn/aadsm14.htm#47 UK: PKI "not working" http://www.garlic.com/~lynn/aadsm14.htm#48 basic question: semantics of "map", "tie", etc in PKI http://www.garlic.com/~lynn/aadsm15.htm#32 VS: On-line signature standards http://www.garlic.com/~lynn/aadsm15.htm#33 VS: On-line signature standards http://www.garlic.com/~lynn/aadsm15.htm#34 VS: On-line signature standards (slight addenda) http://www.garlic.com/~lynn/aadsm15.htm#35 VS: On-line signature standards http://www.garlic.com/~lynn/aadsm15.htm#36 VS: On-line signature standards http://www.garlic.com/~lynn/aadsm15.htm#37 VS: On-line signature standards http://www.garlic.com/~lynn/aadsm15.htm#40 FAQ: e-Signatures and Payments http://www.garlic.com/~lynn/aadsm16.htm#9 example: secure computing kernel needed http://www.garlic.com/~lynn/aadsm16.htm#11 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed) http://www.garlic.com/~lynn/aadsm16.htm#13 The PAIN mnemonic http://www.garlic.com/~lynn/aadsm16.htm#14 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm16.htm#17 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm16.htm#18 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm16.htm#23 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm17.htm#3 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm17.htm#5 Non-repudiation (was RE: The PAIN mnemonic) http://www.garlic.com/~lynn/aadsm17.htm#28 Definitions of "Security"? http://www.garlic.com/~lynn/aadsm17.htm#53 Using crypto against Phishing, Spoofing and Spamming http://www.garlic.com/~lynn/aadsm17.htm#55 Using crypto against Phishing, Spoofing and Spamming http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#0 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#4 dual-use digital signature vulnerability http://www.garlic.com/~lynn/aadsm18.htm#55 MD5 collision in X509 certificates http://www.garlic.com/~lynn/99.html#224 X9.59/AADS announcement at BAI this week http://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues. http://www.garlic.com/~lynn/2001c.html#30 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#34 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#39 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#40 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#41 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#42 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#43 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#44 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#45 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#46 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#47 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#50 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#51 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#52 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#54 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#57 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#59 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#60 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#73 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate http://www.garlic.com/~lynn/2001d.html#69 Block oriented I/O over IP http://www.garlic.com/~lynn/2001f.html#31 Remove the name from credit cards! http://www.garlic.com/~lynn/2001g.html#1 distributed authentication http://www.garlic.com/~lynn/2001g.html#11 FREE X.509 Certificates http://www.garlic.com/~lynn/2001g.html#38 distributed authentication http://www.garlic.com/~lynn/2001g.html#61 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001g.html#62 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001h.html#7 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe??? http://www.garlic.com/~lynn/2001i.html#36 Net banking, is it safe??? http://www.garlic.com/~lynn/2001i.html#57 E-commerce security???? http://www.garlic.com/~lynn/2001j.html#45 OT - Internet Explorer V6.0 http://www.garlic.com/~lynn/2001j.html#49 Are client certificates really secure? http://www.garlic.com/~lynn/2001j.html#52 Are client certificates really secure? http://www.garlic.com/~lynn/2001k.html#1 Are client certificates really secure? http://www.garlic.com/~lynn/2001k.html#34 A thought on passwords http://www.garlic.com/~lynn/2001m.html#27 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement http://www.garlic.com/~lynn/2001m.html#43 FA: Early IBM Software and Reference Manuals http://www.garlic.com/~lynn/2001n.html#71 Q: Buffer overflow http://www.garlic.com/~lynn/2002c.html#7 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002c.html#15 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002c.html#42 Beginning of the end for SNA? http://www.garlic.com/~lynn/2002d.html#16 Mainframers: Take back the light (spotlight, that is) http://www.garlic.com/~lynn/2002d.html#41 Why? http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002e.html#29 Crazy idea: has it been done? http://www.garlic.com/~lynn/2002e.html#36 Crypting with Fingerprints ? http://www.garlic.com/~lynn/2002e.html#58 O'Reilly C Book http://www.garlic.com/~lynn/2002f.html#10 Least folklorish period in computing (was Re: IBM Mainframe at home) http://www.garlic.com/~lynn/2002f.html#23 Computers in Science Fiction http://www.garlic.com/~lynn/2002f.html#35 Security and e-commerce http://www.garlic.com/~lynn/2002f.html#45 Biometric Encryption: the solution for network intruders? http://www.garlic.com/~lynn/2002g.html#37 Security Issues of using Internet Banking http://www.garlic.com/~lynn/2002g.html#69 Digital signature http://www.garlic.com/~lynn/2002h.html#41 Biometric authentication for intranet websites? http://www.garlic.com/~lynn/2002h.html#68 Are you really who you say you are? http://www.garlic.com/~lynn/2002i.html#67 Does Diffie-Hellman schema belong to Public Key schema family? http://www.garlic.com/~lynn/2002i.html#77 Does Diffie-Hellman schema belong to Public Key schema family? http://www.garlic.com/~lynn/2002j.html#24 Definition of Non-Repudiation ? http://www.garlic.com/~lynn/2002j.html#40 Beginner question on Security http://www.garlic.com/~lynn/2002k.html#42 MVS 3.8J and NJE via CTC http://www.garlic.com/~lynn/2002l.html#5 What good is RSA when using passwords ? http://www.garlic.com/~lynn/2002l.html#24 Two questions on HMACs and hashing http://www.garlic.com/~lynn/2002m.html#17 A new e-commerce security proposal http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal http://www.garlic.com/~lynn/2002m.html#36 (OT) acceptance of technology, was: Convenient and secure http://www.garlic.com/~lynn/2002m.html#38 Convenient and secure eCommerce using POWF http://www.garlic.com/~lynn/2002n.html#13 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002n.html#16 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002n.html#19 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002n.html#25 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002n.html#26 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint http://www.garlic.com/~lynn/2002p.html#23 Cost of computing in 1958? http://www.garlic.com/~lynn/2003e.html#47 Public key and the authority problem http://www.garlic.com/~lynn/2003f.html#35 Public Encryption Key http://www.garlic.com/~lynn/2003f.html#37 unix http://www.garlic.com/~lynn/2003h.html#6 IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM http://www.garlic.com/~lynn/2003h.html#18 Authentication protocol http://www.garlic.com/~lynn/2003h.html#25 HELP, Vulnerability in Debit PIN Encryption security, possibly http://www.garlic.com/~lynn/2003h.html#29 application of unique signature http://www.garlic.com/~lynn/2003h.html#38 entity authentication with non-repudiation http://www.garlic.com/~lynn/2003h.html#42 IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs http://www.garlic.com/~lynn/2003.html#19 Message (authentication/integrity); was: Re: CRC-32 collision http://www.garlic.com/~lynn/2003.html#29 Message (authentication/integrity); was: Re: CRC-32 collision http://www.garlic.com/~lynn/2003i.html#1 Two-factor authentication with SSH? http://www.garlic.com/~lynn/2003i.html#35 electronic-ID and key-generation http://www.garlic.com/~lynn/2003i.html#36 electronic-ID and key-generation http://www.garlic.com/~lynn/2003j.html#47 The Tao Of Backup: End of postings http://www.garlic.com/~lynn/2003k.html#6 Security models http://www.garlic.com/~lynn/2003l.html#65 Strength of RSA with known plain-text http://www.garlic.com/~lynn/2003m.html#38 Questioning risks of using the same key for authentication and encryption http://www.garlic.com/~lynn/2003m.html#51 public key vs passwd authentication? http://www.garlic.com/~lynn/2003o.html#22 securID weakness http://www.garlic.com/~lynn/2003o.html#29 Biometric cards will not stop identity fraud http://www.garlic.com/~lynn/2003o.html#44 Biometrics http://www.garlic.com/~lynn/2003p.html#4 Does OTP need authentication? http://www.garlic.com/~lynn/2003p.html#11 Order of Encryption and Authentication http://www.garlic.com/~lynn/2003p.html#17 Does OTP need authentication? http://www.garlic.com/~lynn/2004e.html#20 Soft signatures http://www.garlic.com/~lynn/2004h.html#13 Two-factor Authentication Options? http://www.garlic.com/~lynn/2004h.html#30 ECC Encryption http://www.garlic.com/~lynn/2004.html#29 passwords http://www.garlic.com/~lynn/2004i.html#17 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004i.html#24 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004j.html#6 New Method for Authenticated Public Key Exchange without Digital Certificates http://www.garlic.com/~lynn/2004m.html#4 REVIEW: "Biometrics for Network Security", Paul Reid http://www.garlic.com/~lynn/2005d.html#32 Is a cryptographic monoculture hurting us all?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: two-factor authentication problems

Reply via email to