there are a couple issues

1) using any widely known information for authentication.
2) standard security kindergarten 101 requires that every unique security domain requires a unique shared secret (if shared secret is used for authentication)
3) any information that is used for authentication should be dedicated for authentication and not widely used in large number of other business processes (like account numbers)
4) static data authentication (whether unique or not) is subject to skimming for various kinds of replay and impersonation attacks.

=============

the issue with digital signatures and private keys ... is that the digital signature can be unique per transaction ... and that the mechanism which is used to originate the transaction (private key) is never divulged ... countermeasure against the skimming attacks on transaction origin.

note that there have been some poorly designed digital signature schemes that separate the authentication from the transaction ... such that they are subject to MITM-attacks

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
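The contrast drawn in the post above, as an added example that is not part of the original message: a verifier that accepts static data, one that requires a signature over the whole transaction, and the flawed design where the signature covers only a session challenge. The toy textbook RSA, the account number, the field names and all function names are assumptions made for illustration; real systems use a vetted signature library.

```python
import hashlib

# Toy textbook RSA (no padding, ~150-bit modulus): illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # P and Q are Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never sent anywhere

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg: bytes) -> int:
    return pow(digest(msg), D, N)

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)

ACCOUNT_NUMBER = "4000-0000-0000-0002"     # constructed sample value

def encode(txn: dict) -> bytes:
    # Simple canonical form; sample values contain no '|' or '='.
    return "|".join(f"{k}={txn[k]}" for k in sorted(txn)).encode()

def accept_static(txn: dict) -> bool:
    """Static-data authentication: presenting the account number is the proof."""
    return txn["account"] == ACCOUNT_NUMBER

seen_serials = set()
def accept_signed(txn: dict, sig: int) -> bool:
    """Signature covers every field, including a per-transaction serial."""
    if txn["serial"] in seen_serials or not verify(encode(txn), sig):
        return False
    seen_serials.add(txn["serial"])
    return True

def accept_separated(challenge: bytes, sig: int, txn: dict) -> bool:
    """Flawed design: the signature authenticates a challenge; txn is never checked."""
    return verify(challenge, sig)

def demo() -> dict:
    genuine = {"account": ACCOUNT_NUMBER, "serial": 1, "payee": "grocer", "amount": 25}
    altered = dict(genuine, serial=2, payee="someone-else", amount=900)
    sig = sign(encode(genuine))            # the only value an observer can capture
    chal = b"session-challenge-1"
    return {
        "static_accepts_altered": accept_static(altered),
        "signed_accepts_genuine": accept_signed(genuine, sig),
        "signed_accepts_replay": accept_signed(genuine, sig),
        "signed_accepts_altered": accept_signed(altered, sig),
        "separated_accepts_altered": accept_separated(chal, sign(chal), altered),
    }

if __name__ == "__main__":
    print(demo())
```

Only the verifier that checks the signature against the full transaction rejects both the replayed and the altered transaction; the other two accept a transaction the key holder never originated.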
