?
nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
-
The Cryptography Mailing List
Unsubscribe by sending
e for the government to break the law to investigate terrorism?
Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
--
wJdTMfUjcQq0iZf
> 4ybo9wAzZZNG5YyF69jzKw/oXw3fL7FGj86oXey46
>
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>
--
Nick Owen
WiKID Syste
h a MITM site. Thus, we believe
there is value in providing another way to validate to the user that
they are going to the correct site.
Nick
>
>
> Hadmut
>
>
>
>
>
>
> -
> The Cryptography
cyphrpunk wrote:
> On 11/3/05, Nick Owen <[EMAIL PROTECTED]> wrote:
>
>>The token client pulls down a hash of the certificate from the
>>WiKID server. It pulls the certificate from the website and performs a
>>hash on it. It compares the two hashes and if they match
ectly valid
> certificates issued for them. I don't see how your system defends
> against what phishers actually do.
They do this too by attacking DNS servers with cache poisoning. In this
case the token client will not be able to validate the certificate.
nick
--
Nick Owen
WiKID Syst
cyphrpunk wrote:
> On 10/31/05, Nick Owen <[EMAIL PROTECTED]> wrote:
>
>>The system works this way: Each WiKID domain now can include a
>>'registered URL' field and a hash that website's SSL certificate. When
>>a user wants to log onto a secure web
ations such as online banking.
Any feedback is much appreciated.
Sincerely,
Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge
re some user dissatisfaction with an extra
click to login?
I suppose if you really wanted non-SSL logins, you could use a one-time
passcodes system with variable length passcodes to prevent race attacks.
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wik
would like to see WiKID-enabled.
Work is progressing on C and Python network clients to add to the Java
and COM objects and those listed above. Our focus is on adding network
clients in new languages and implementing those into applications.
Regards,
Nick
--
Nick Owen
WiKID Systems, Inc
the agency. They did say that
they would get GSA pricing. I suspect that Certicom got GSA pricing for
the deal as is, I assume, required by law.
Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
https://sourceforge.net/projects/wikid-twofact
>
> Watching security thinking advance is like watching
> primates evolve from close distance. Either we die
> of old age before anything happens, or we get clubbed
> to death...
>
> iang
>
> -
>
tter termed as fraud detection and prevention.
Florian Weimer wrote:
> * Nick Owen:
>
>
>>I think that the cost of two-factor authentication will plummet in the
>>face of the volumes offered by e-banking.
>
>
> I doubt this is true. In Germany, we already use som
ions again - this time as
protection for your privacy. I would think people would be much more
receptive to it now. Little has changed, except the market's perception
of the risk of using credit cards online. Amex actually pulled their
program in 2004, IIRC.
[EMAIL PROTECTED] wrote:
> Nick O
t will pay for it, because any form of token is
> very expensive, and the form of token that is needed -
> a trusted device to put the application, display, keypad
> and net connection on - is even more expensive than
> the stop-gap two-factor authentication units commonly
> s
ld have to steal the user's private key, their
PIN and the server's private key, correct?
I know that if the PC is compromised anything is possible, but I think
this raises the bar significantly - perhaps to an unprofitably level.
Steven M. Bellovin wrote:
> In message <[EMAIL PR
e, and drains your account except for .004 grams of gold.
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "
17 matches
Mail list logo