At 5:13 AM -0800 1/30/02, <[EMAIL PROTECTED]> wrote: >Bill Frantz writes: > > > > What would be really nice is to be able to have the same PIN/password for > > everything. > >Do you really mean that? Sure, if I only have to remember one thing >it is easier for me. It is also a complete nightmare if it is ever >compromised.
It may be that we gain more from having this data not written down than we lose from the "compromise one, compromise all" problem. For things like credit/debit/ATM cards, you probably don't increase the risk too much by using the same PIN for all of them. I admit that I use the same password for all those web sites that simply must have a username and password for their own reasons, and not to secure anything of mine. For web sites like Amazon that want to remember a credit card number for you, I generally choose a password that even I can't remember (and paste it into both the entry and verification windows). This means I must set up a new account for every purchase, but that doesn't happen very often. I think Ben is thinking in the right direction when he writes: >This is why you need to carry your verifying equipment around with you - >a PDA with a decent OS is the way to go, IMO. Lets assume a PDA/smart card with a fingerprint reader for the sake of argument. The device keeps one or more secret keys used to sign challenges, and only signs them if the fingerprint has been recently verified. (Perhaps using the infrared link, you put it near the point of sale computer or you web browsing computer. The computer sends it the challenge and an indication of which public key will be used to verify the authorization. The device shows you your name for the keypair being used, and asks you to press the fingerprint reader to authorize (or click NO to reject authorization).) If we accept Dr. Denning's criterion that the biometric data must be public, anyone who steals this device can, with enough work, fool it into accepting a false finger print. Even with this weakness, such a device is more secure than the current credit card system. If instead of using biometric identity, we use some kind of pass phrase/PIN, we introduce the risk of shoulder surfing, and brute force attacks against the hash(salt || PIN) stored in the device. It may be easier to just extract the signing keys from the device rather than perform the above attacks. If we can build the device so it resists attacks long enough for the user to notice that it is missing, and notify the verifiers, then the above attacks become less of a problem. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
