Hello All, Just a comment --
> Date: Sat, 29 Dec 2001 22:58:53 +0100 > From: Edwin Woudt <[EMAIL PROTECTED]> > To: "e-gold Discussion" <[EMAIL PROTECTED]> > Subject: [e-gold-list] Re: e-gold under attack by robots > > Uhm... digigold used public key based authentication. Clearly that is > superior to any password based mechanism with regard to robot attacks. There should be serious analysis which should be done by good cryptographers in order to back this statement. The sort of technical audit for user confidence. Any pointers to published information about analysis of this particular case? In my humble opinion. E-gold passphrase is transmitted using SSL protocol encryption which when used properly provides enough protection in order for passphrase authentication to be as secure as public key authentication in this particular case. Passphrase should be long and complex one, there are lots of published recommendations. The probability to guess good passphrase is really small one and it is just not practical to use brute force attack by robots, I think that intruders are trying to guess the simplest ones, which may be prevented to create by dictionary software. At the same time public key based authentication will prevent e-gold from offering the security of account access from any secure computer using the simplest secure browser with SSL encryption. User will need to install some alien software in order to compute things needed for public key authentication, which will be rather the source for more security concerns than benefits in this particular case. Respectfully yours, Dmitry Salnikov, http://dmitry-salnikov.com/index.htm International business catalogue for e-gold users, http://dmitry-salnikov.com/veda.htm Gold Web Ring traffic maker for e-gold sites, http://o.webring.com/hub?ring=gold FreeBSD, Linux, C/C++, Perl, ... Web software development services, English / Russian translations. --- You are currently subscribed to e-gold-list as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] http://www.e-gold.com/stats.html lets you observe the e-gold system's activity now!
