On Sat, Sep 21, 2002 at 12:11:17AM +0000, David Wagner wrote: > > I find the physical token a poor replacement for cryptography, when the > goal is challenge-response authentication over a network. In practice, > you never really want just challenge-response authentication; you > want to set up a secure, authenticated channel to the other party, > which means you probably also need key distribution functionality. > The physical token suggested here doesn't help with that at all.
That's the main problem of judging this token: Don't compare it with cryptographical methods. This token is not a matter of cryptography, because there's no secret and no exchange of information. No challenge, no response, no calculation, no stored information, nothing. Therefore it is completely useless in context of computer networks, which - after all - do nothing else than carrying informations. That token can't perform a challenge-response authentication, because it's a piece of plastic and glas, it doesn't listen to your challenge and it won't give you an answer. It's just a gadget of the type "you can't make a similar one again", and that's what it can be used for. Forget about networks and challenge response in context of this token. Security is far more than just the cryptographical standard methods. There's security beyond cryptography. So don't have this limited view. regards Hadmut --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
