
Re: mental cryptography



Scott Brickner writes:
 > Nathan Loofbourrow writes:
 > >It may be that the approach is off anyway. Credit cards have only
 > >signature verification -- if the salesperson bothers -- because stolen
 > >cards are reported. You don't need a strong authentication technique
 > >if a stolen card is easy to cancel.
 > 
 > The card's easy to cancel, but the cash ain't.  Credit cards are
 > cleared with the issuer.  Digital cash with smart cards acting as
 > transaction observers don't need this.  The thief need only transfer
 > the cash from the stolen card to his own, just like he does with
 > regular cash.

Er, um, right.

Well, then, perhaps on-line systems need to consider cash
revocation in case of theft. Actually, this is a no-brainer: just
exchange the cash for some new coin, and the old stuff goes
invalid. Admittedly, this means a footrace for the mugger and the
victim, so I guess the mugger is encouraged to knock you out cold.

Maybe you just shouldn't carry too much cash with you. Gee, that
sounds like good advice even without digital protocols.

 > >Even with a weak PIN system for authentication, you can always provide
 > >a "duress" PIN, right?
 > 
 > Sounds like a better choice.

Duress PINs liberally sprinkled through the keyspace also drop the
efficacy of brute-force PIN search for the thief.

nathan
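
An added worked example, not part of the original message: the exact effect of sprinkling duress PINs through the keyspace on a brute-force PIN search. It assumes the thief tries distinct PINs in uniformly random order and that the search ends as soon as either the real PIN or a duress PIN is entered; the function name, its parameters and the sample numbers are constructed for illustration.

```python
from fractions import Fraction


def search_outcomes(keyspace, duress, guesses):
    """Exact odds for a thief trying distinct PINs in random order.

    keyspace: number of possible PINs (exactly one is the real PIN)
    duress:   number of duress PINs scattered among the others
    guesses:  tries available before the card is revoked or locks
    Returns (p_real, p_duress): the chance the search ends on the real
    PIN, and the chance it trips a duress PIN first.
    """
    if not 0 <= duress < keyspace:
        raise ValueError("need 0 <= duress < keyspace")
    guesses = min(guesses, keyspace)
    p_real = p_duress = Fraction(0)
    still_searching = Fraction(1)  # P(all guesses so far were ordinary misses)
    plain = keyspace - duress - 1  # ordinary wrong PINs not yet tried
    for tried in range(guesses):
        left = keyspace - tried    # PINs not yet tried
        p_real += still_searching * Fraction(1, left)
        p_duress += still_searching * Fraction(duress, left)
        still_searching *= Fraction(plain, left)
        if still_searching == 0:   # only real/duress PINs remain
            break
        plain -= 1
    return p_real, p_duress


if __name__ == "__main__":
    # Constructed scenario: 4-digit PIN, thief gets 500 tries.
    for k in (0, 9, 99, 999):
        real, alarm = search_outcomes(10_000, k, 500)
        print(f"{k:4d} duress PINs: real PIN found {float(real):.4f}, "
              f"duress tripped {float(alarm):.4f}")
```

With unlimited tries the thief reaches the real PIN before any of k duress PINs with probability 1/(k+1), so the duress PINs cap the success of even an exhaustive search.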