On 6/27/05, Victor Duchovni <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote:
>
> > And now we have a market for cracked "trusted" banking clients, both
> > for phishers and lazy people... it's game copy protection wars all
> > over again. :)
> >
>
> Well cracking the bank application is not really in the user's interests
> in this case.

Never underestimate people's shortsightedness and laziness as motivation to defeat a security system. Sort of how laziness is a virtue of Perl programmers.

> My view is, that when the banking application delivery
> platform becomes cheap enough (say $50 or less), it will make sense for
> the bank to provide a complete ATM system (sans cash) to each user.

Well, software distribution can be outsourced to AOL. :)

I hate it when people say stuff like this, but: "I'm no hardware engineer, but it shouldn't be that hard to build something like a self-contained POS PIN pad about the size of a calculator..." And as I was snickering while I wrote that, I was trying to enumerate all the hard parts - things like a tamper-resistant case, software that wasn't going to be leaking key bits, etc.

> The personal ATM appliance should be difficult to tamper with and should
> accept only a single set of accounts (so that stolen pin numbers are not
> portable)...

The latter will be easy to achieve if you can make inexpensive, robust, reliable, tamper-resistant, failsafe, user-friendly hardware. In short, it's 2-factor authentication. Knowing your PIN, and having your personal ATM appliance.

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
