* Perry E. Metzger: > Nick Owen <[EMAIL PROTECTED]> writes: >> It would seem simple to thwart such a trojan with strong authentication >> simply by requiring a second one-time passcode to validate the >> transaction itself in addition to the session. > > Far better would be to have a token with a display attached to the > PC. The token will display a requested transaction to the user and > only sign it if the user agrees. Because the token is a trusted piece > of hardware that the user cannot install software on, it provides a > trusted communications path to the user that the PC itself cannot.
On the surface, we already have such technology in Germany (it's optional for bank customers), but there's a drawback: The external device doesn't know anything about the structure of banking transactions, so it relies on the (potentially compromised) host system to send the correct message to display before generating the signature. Ouch. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]