* Steven M. Bellovin:

> In message <[EMAIL PROTECTED]>, Nick Owen writes:
>> It would seem simple to thwart such a trojan with strong authentication
>> simply by requiring a second one-time passcode to validate the
>> transaction itself in addition to the session.
>
> How does the user know which transaction is really being authenticated?
You send the pass code in an SMS to the user's mobile phone, together with some information on the transaction. (If the SMS delay is a problem, use a computer-generated phone call.) The pass code is then entered by the user to authorize the transaction.

This will eventually break down, once PCs and mobile phones are integrated tightly, but in the meantime, it's reasonably secure even if the client PC is compromised. I'm not sure if users will accept it, though. What's worse, the costs for sending the SMS message (or making the phone call) are so significant that it's unrealistic we'll see widespread use of such technologies.

(Manually transferring cryptographic tokens which depend on the transaction contents seems to be infeasible, given the number of bits which must be copied.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
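The out-of-band scheme discussed in this message, as an added illustration that is not from the thread or its authors: the server binds a short code to one pending transaction, the SMS carries the transaction summary next to the code, and the user only types the code if the summary matches what they intended. The bank server, the SMS channel (modelled as a returned string), and the trojan (modelled as the PC submitting an altered transaction) are all constructed for this example.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Transaction:
    account: str
    recipient: str
    amount_cents: int

    def summary(self) -> str:
        # The human-readable line the user sees in the SMS (constructed format).
        return f"Pay {self.amount_cents / 100:.2f} to {self.recipient}"


class BankServer:
    """Server side: issues a short single-use code bound to one pending transaction."""

    def __init__(self) -> None:
        self._pending: Dict[str, Transaction] = {}  # code -> transaction it authorizes

    def request_code(self, tx: Transaction) -> Tuple[str, str]:
        """Return the SMS text (sent to the registered phone) and the code it carries."""
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits: short enough to retype
        self._pending[code] = tx
        return f"{tx.summary()} | code {code}", code

    def confirm(self, tx: Transaction, code: str) -> bool:
        """Valid only for the transaction the code was issued for; any attempt consumes it."""
        bound = self._pending.pop(code, None)
        return bound is not None and bound == tx


def user_approves(sms_text: str, intended: Transaction) -> bool:
    """Phone side: the user compares the SMS summary with what they meant to send."""
    return sms_text.split(" | ")[0] == intended.summary()


def run_scenario(intended: Transaction, submitted: Transaction) -> dict:
    """The (untrusted) PC submits `submitted`, which a trojan may have altered from
    `intended`; the code is typed in only if the user approves the SMS summary."""
    bank = BankServer()
    sms, code = bank.request_code(submitted)
    approved = user_approves(sms, intended)
    confirmed = bank.confirm(submitted, code) if approved else False
    return {"sms": sms, "user_approved": approved, "confirmed": confirmed}
```

A trojan that silently changes the recipient on the PC is exposed by the SMS summary, and a captured code cannot be reused for any other transaction because the binding lives on the server, not in the code itself.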