[Beowulf] One time password generators...

James Cownie jcownie at cantab.net
Thu Mar 26 12:23:36 PDT 2009

On 26 Mar 2009, at 13:57, Leif Nixon wrote:

> Well, some banks over here have a authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge- 
> response
> procedure to log in to the Internet banking site - nothing new so  
> far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of  
> the
> transaction data (like the total amount to transfer) into the crypto  
> token.
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.

But check this analysis of the UK version, which seems to be almost  
exactly as described...


-- Jim
James Cownie <jcownie at cantab.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20090326/fb46d989/attachment.html>

More information about the Beowulf mailing list