Peter Gutmann wrote:
> $25 and a bit of marijuana, apparently. See:
>
> http://www.wjla.com/news/stories/0305/210558.html
> http://www.wjla.com/news/stories/0105/200474.html
>
> Although the story doesn't mention this, the "ID" in question was the DoD
> Common Access Card, a smart card containing a DoD-issued certificate. To get
> a CAC, you normally have to provide two forms of verification... in this case
> I guess the two were photo ID of dead presidents and empirical proof that you
> know how to buy weed.
>
> The cards were issued by Yusuf Khalil Jackson, a man with a long criminal
> history (including, ironically, identity fraud):

one might claim that part of this is the lingering affinity to offline credentials ... when most really secure operations have gone to online and realtime operations ... leaving any physical object primarily a feature of "something you have" authentication that might be used in conjunction with other authentication factors.

the issue with many offline credentials is that they are left over from a bygone era that is rapidly disappearing, but some of the legacy mindsets still linger on.

the issue was raised in the mid-90s in financial infrastructures ... that such offline credentials ... even though superfluous and redundant (in a modern online world) wouldn't actually be hurting anything (other than possibly the out-of-pocket expense to support such operations). the danger did show up when operations were tempted to use the redundant and superfluous credential in lieu of doing an actual online operation.

---------------------------------------------------------------------
The Cryptography Mailing List
