Florian Weimer <[EMAIL PROTECTED]> writes: > * Perry E. Metzger: >> Nick Owen <[EMAIL PROTECTED]> writes: >>> It would seem simple to thwart such a trojan with strong authentication >>> simply by requiring a second one-time passcode to validate the >>> transaction itself in addition to the session. >> >> Far better would be to have a token with a display attached to the >> PC. The token will display a requested transaction to the user and >> only sign it if the user agrees. Because the token is a trusted piece >> of hardware that the user cannot install software on, it provides a >> trusted communications path to the user that the PC itself cannot. > > On the surface, we already have such technology in Germany (it's > optional for bank customers), but there's a drawback: The external > device doesn't know anything about the structure of banking > transactions, so it relies on the (potentially compromised) host > system to send the correct message to display before generating the > signature. Ouch.
That could be fixed. I think the right design for such a device has it only respond to signed and encrypted requests from the issuing bank directed at the specific device, and only make signed and encrypted replies directed only at the specific issuing bank. If anything in between can tamper with the communications channel you don't have the properties you want out of this. Given such a structure, however, you can know when the device displays "Pay 53.22 euros to amazon.fr for book X" that this is precisely the transaction you are authorizing, and that the communication will not authorize any other transaction, its interception will not permit the authorization of any other transaction, and no replay of the transaction is possible. However, you need both the end to end communication and the hardware token with built in display and keyboard. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]