Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!udel!ee.udel.edu From: new@ee.udel.edu (Darren New) Newsgroups: comp.org.eff.talk Subject: Re: stealing passwords is easy! Message-ID: <55643@nigel.ee.udel.edu> Date: 6 Jun 91 18:29:07 GMT References: <1991Jun2.215059.22125@bellcore.bellcore.com> Sender: usenet@ee.udel.edu Organization: University of Delaware Lines: 26 Nntp-Posting-Host: snow-white.ee.udel.edu In article rogue@cellar.UUCP (Rache McGregor) writes: >Unfortunately, such a scheme undoubtedly requires the user to keep a written >list of passwords, the easiest bane to security that ever existed. Actually, there are two times when this works well. One is if the user is in a secure place calling another secure place over insecure connections. For example, a military installation connecting to another military installation over the internet, or a home user calling a bbs. Presumedly, in these cases, the physical security of the list of passwords is greater than the security of the communication channel. The other situation where this can work well is if a "token" computer is used to generate the passwords. This can be a credit-card sized computer with a small number of keys and a small display which can calculate the proper password. Of course, the physical security of this password-computer is important, but could be guarded in much the same way that ATM cards are guarded. "We have the technology. We can rebuild..." -- Darren -- --- Darren New --- Grad Student --- CIS --- Univ. of Delaware --- ----- Network Protocols, Graphics, Programming Languages, FDTs ----- +=+ Nails work better than screws, when both are driven with hammers +=+