Re: Solving password problems one at a time, Re: The password-reset paradox

2009-05-21 Thread Anne Lynn Wheeler
On 05/09/09 07:33, Jerry Leichter wrote: I had a discussion with a guy at a company that was proposing to create secure credit cards by embedding a chip in the card and replacing some number of digits with an LCD display. The card would generate a unique card number for you when needed. They

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-05-09 Thread Jerry Leichter
On May 8, 2009, at 3:39 PM, Ian G wrote: The difficulty with client certs is that I need them to also work on my laptop. And my other laptop. And my phone. So, how do I get hold of them when I'm on the road? Good point. The difficulty with my passwords is that I have so many that are so

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-05-09 Thread Anne Lynn Wheeler
On 05/09/09 07:33, Jerry Leichter wrote: On May 8, 2009, at 3:39 PM, Ian G wrote: The difficulty with client certs is that I need them to also work on my laptop. And my other laptop. And my phone. So, how do I get hold of them when I'm on the road? Good point. The difficulty with my

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-05-06 Thread Peter Gutmann
Ben Laurie b...@links.org writes: Incidentally, the reason we don't use EKE (and many other useful schemes) is not because they don't solve our problems, it's because the rights holders won't let us use them. That's not the reason, TLS-SRP isn't that annoyingly encumbered, and even the totally

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-04-30 Thread Ben Laurie
Steven M. Bellovin wrote: We've become prisoners of dogma here. In 1979, Bob Morris and Ken Thompson showed that passwords were guessable. In 1979, that was really novel. There was a lot of good work done in the next 15 years on that problem -- Spaf's empirical observations, Klein's '90

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-03-02 Thread Steven M. Bellovin
On Sat, 21 Feb 2009 11:33:32 -0800 Ed Gerck edge...@nma.com wrote: I submit that the most important password problem is not that someone may find it written somewhere. The most important password problem is that people forget it. So, writing it down and taking the easy precaution of not

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-24 Thread Ed Gerck
silky wrote: On Sun, Feb 22, 2009 at 6:33 AM, Ed Gerck edge...@nma.com wrote: (UI in use since 2000, for web access control and authorization) After you enter a usercode in the first screen, you are presented with a second screen to enter your password. The usercode is a mnemonic 6-character

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-24 Thread Ed Gerck
James A. Donald wrote: No one is going to check for the correct three letter combination, because it is not part of the work flow, so they will always forget to do it. Humans tend to notice patterns. We easily notice mispelngs. Your experience may be different but we found out in testing

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-24 Thread silky
On Tue, Feb 24, 2009 at 8:30 AM, Ed Gerck edge...@nma.com wrote: [snip] Thanks for the comment. The BofA SiteKey attack you mention does not work for the web access scheme I mentioned because the usercode is private and random with a very large search space, and is always sent after SSL starts

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-24 Thread Ed Gerck
silky wrote: On Tue, Feb 24, 2009 at 8:30 AM, Ed Gerck edge...@nma.com wrote: [snip] Thanks for the comment. The BofA SiteKey attack you mention does not work for the web access scheme I mentioned because the usercode is private and random with a very large search space, and is always sent

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-24 Thread silky
On Tue, Feb 24, 2009 at 12:23 PM, Ed Gerck edge...@nma.com wrote: [snip] What usercode? The point you are missing is that there are 2^35 private usercodes and you have no idea which one matches the email address that you want to send your phishing email to. What you're missing is that it

Solving password problems one at a time, Re: The password-reset paradox

2009-02-23 Thread Ed Gerck
List, In a business, one must write down the passwords and one must have a duplicate copy of it, with further backup, where management can access it. This is SOP. This is done not just in case the proverbial truck hits the employee, or fire strikes the building, or for the disgruntled

RE: Solving password problems one at a time, Re: The password-reset paradox

2009-02-23 Thread Dave Kleiman
On February 21, 2009 14:34, Ed Gerck wrote: In a business, one must write down the passwords and one must have a duplicate copy of it, with further backup, where management can access it. This is SOP. This is done not just in case the proverbial truck hits the employee, or fire strikes

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-02-23 Thread silky
On Sun, Feb 22, 2009 at 6:33 AM, Ed Gerck edge...@nma.com wrote: List, In a business, one must write down the passwords and one must have a duplicate copy of it, with further backup, where management can access it. This is SOP. This is done not just in case the proverbial truck hits the