>> "The FBI is developing software capable of inserting a computer virus
>> onto a suspect's machine and obtaining encryption keys..."
> I doubt they would be successful.
I assume that is the case -- but, apparently this is technically
feasible. Is this a case where the story means they already have it? Or,
are they bluffing while they play catch up?
"They" have something.
http://www.wired.com/news/print/0,1294,40541,00.html

> Geoff, the CRYPTOCARD system already does this
> <http://www.rsa.com/products/securid/authenticators.html>.
I think they cost a fair amount, and I doubt my target audience will
pony up. 

> My guess is DGCs will offer CRYPTOCARDs commonly in the near future. 
This option is great! It allows the user to balance risk with hassle.
The DGC should get lower insurance rates because they pawn off risk to
the user.

> If you mean one-time-passwords? That is indeed a powerful system, 
> but if you must store the list somewhere then that's a weak mechanism.
I was planning on creating challenge : answer pairs and storing the
answer md5 hashed. Does not matter though if an intruder is watching the
creation of pairs :)

> FreeMAIL program of Thawte?
It is my impression that this helps determine identity. In my case, I
only care that the identity does not change without consent. Plus this
does not address keyboard sniffing. (How big a deal is this anyway?
Probably a million times less than the common, easily preventable mistakes.)

> It sounds like you are reinventing S/KEY - see
> <http://cnls.lanl.gov/Internal/Computing/Skey/skey.txt>
Sort of -- I don't perfectly understand what they are talking about --
but upon more education, I am liking a two factor authentication method.

Heck, I will just do it and see what happens .......

Thanks for the suggestions!!! Jeff
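
An added example, not part of the original message and not S/KEY's own code: a minimal S/KEY-style hash-chain one-time-password check, showing how the server can verify each password while storing a single hash instead of a list of answers. It uses SHA-256 rather than MD5, and the names H, chain, Server, demo and the sample seed and secret are assumptions made for illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    # SHA-256 stands in for the older hashes discussed in the thread.
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Return H applied n times to seed || secret (the n-th chain value)."""
    value = seed + secret
    for _ in range(n):
        value = H(value)
    return value


class Server:
    """Keeps only the last accepted chain value, never the secret or a list."""

    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # The user must answer with chain value number count - 1.
        return self.seed, self.count - 1

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; the user has to enroll again
        if not hmac.compare_digest(H(response), self.stored):
            return False  # wrong or replayed password
        # Accept, then move down the chain so this password cannot be reused.
        self.stored, self.count = response, self.count - 1
        return True


def demo():
    secret, seed = b"constructed passphrase", b"ke1234"  # constructed sample values
    server = Server(seed, 5, chain(secret, seed, 5))      # enrollment
    _, n = server.challenge()
    otp = chain(secret, seed, n)
    first = server.verify(otp)    # fresh password
    replay = server.verify(otp)   # same password captured and sent again
    _, n = server.challenge()
    second = server.verify(chain(secret, seed, n))
    return [first, replay, second]


if __name__ == "__main__":
    print(demo())
```

A password sniffed from the keyboard fails on replay because the server has already moved one step down the chain; as the message says of challenge : answer pairs, this does not help if the intruder is watching when the secret is first created.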
