Quoting "Perry E. Metzger" <[EMAIL PROTECTED]>:

> So, rephrasing, the problem is not that secret information isn't a
> fine way to establish trust -- it is the pretense that SSNs, your
> mom's birth name or even credit card numbers can be kept secret.
> > Identifying information cannot be kept secret.
> I'd amend that to "things like your name, your SSN or your account
> numbers cannot be kept secret..."

I think it's worse than that -- in reality it is any static piece of
information.  It doesn't matter WHAT that piece of information is.  You really
want a challenge-response system to prove both knowledge and liveness of the

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to