Il 24/09/2012 21:37, Andreas Jellinghaus ha scritto:
> no, I was refering to all the magic solutions that make things secure
> suddenly.
there was a good comic strip I can't find just now...
Hackers view: oh, no, this laptop is protected by 4096-bit RSA... no way
we can recover it even with $1000000!
Grunt view: this laptop is locked... take this $5 wrench and beat off
the pass from the user.
Too bad it proves right... Here in Italy we've had many episodes of
people kidnapped to make their families let robbers enter well-protected
houses... :(
> Like sms-tan instead of pin+tan, or funny devices reading flickering
> info on some banks online system,
> or smart cards with biometrics on board, or
> $government-identified-super-secure-signing-cards or
> stupid "de-mail" (email with a postage cost of half an euro) which they
> try to sell in germany, and all this stuff.
Not to speak of italian "posta certificata" ("certified mail", with
provable delivery so that it can have legal value)... :)
> EMV is of course totaly bloated and thus far too complex, and the whole
> idea of visa and mastercard keeping
> paypass and paywave confidential, even partners under NDA only get to
> see their bits, that is real stupid and insecure.
Maybe because they know it's not secure?
EMV for sure: there's an unauthenticated bit that tells the card to
authenticate the transaction without asking for the PIN...
BYtE,
Diego.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
