note however, with regard to the 80 hardware tokens, or 3 hardware tokens, or 1 hardware token scenario .... a single or small number of hardware tokens (with each hardware token having an associated public key registered multiple places) then can become a personal choice.
The current scenario with shared secret demands that a unique shared secret be used in each unique security domain. In the hardware token scenario the same hardware token can be used with multiple unique security domains w/o exposing the ability to originate fraudulent transactions. The biggest exposure is lost/stolen and effectively denial of service. Since these hardware tokens are many more times harder to compromise than eavesdropping a pin/password, possibly a thousand times harder (which includes the act of physical theft), then potentially the security profile allows such a token to be used in a hundred different security domains (exposure proportional to difficulty of compromise). This doesn't take into account the human operational factors .... like memory problems with multiple "secret" values ... and if there are multiple tokens, each with a large number of security domains, remembering which security domain is associated with which token.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
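The contrast drawn above between a shared secret and a token public key registered in several security domains can be checked in code. This is an added example, not part of the original post; the `Domain` type, the HMAC challenge-response for the shared secret and the use of Ed25519 for the token key are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Domain is a hypothetical model of one security domain's authentication database.
type Domain struct {
	name   string
	secret []byte            // shared-secret scheme: the domain stores the secret itself
	pub    ed25519.PublicKey // token scheme: the domain stores only the public key
}

// msg binds a fresh nonce to the domain name, so a response is domain-specific.
func (d Domain) msg(nonce []byte) []byte { return append([]byte(d.name+"|"), nonce...) }

func mac(key, m []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(m)
	return h.Sum(nil)
}

// ReuseExposure registers one credential in domains A and B, then tests whether what
// A stores is enough to answer B's challenge (secretReuse, tokenReuse) and whether
// the token itself still authenticates to B (legit).
func ReuseExposure() (secretReuse, tokenReuse, legit bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // priv never leaves the token
	secret := []byte("constructed-sample-password")
	a, b := Domain{"A", secret, pub}, Domain{"B", secret, pub}
	nonce := make([]byte, 16)
	rand.Read(nonce)

	// A's stored secret is exactly what B checks against.
	secretReuse = hmac.Equal(mac(b.secret, b.msg(nonce)), mac(a.secret, b.msg(nonce)))
	// A's stored public key is not a signing key; padded to signature size it fails.
	forged := make([]byte, ed25519.SignatureSize)
	copy(forged, a.pub)
	tokenReuse = ed25519.Verify(b.pub, b.msg(nonce), forged)
	legit = ed25519.Verify(b.pub, b.msg(nonce), ed25519.Sign(priv, b.msg(nonce)))
	return
}

func main() { fmt.Println(ReuseExposure()) }
```

The padded-public-key check is only a stand-in for "domain A holds no signing material"; the actual guarantee is that producing a valid signature requires the private key held inside the token.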