* Peter Fairbrother: > No, it isn't! A handwritten signature is far better, it gives post-facto > evidence about who authorised the transaction - it is hard to fake a > signature so well that later analysis can't detect the forgery,
Apparently, handwritten signatures can be repudiated, at least I've heard of a few cases where this likely was the case (but naturally, graphologists didn't agree if the signature was genuine). You can even use a signature machine to facilitate repudiation at a later date. > Also there are several attacks on Chip n' PIN as deployed here in the UK, > starting with the fake reader attacks - for instance, a fake reader says you > are authorising a payment for $6.99 while in fact the card and PIN are being > used to authorise a transaction for $10,000 across the street. In Germany, there's a widely used system based on PIN and a magnetic stripe, and you can buy used reader devices on Ebay. 8-( This makes it rather easy to mount a MITM attack. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]