Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/5/84; site reed.UUCP
Path: utzoo!decvax!decwrl!pyramid!hplabs!tektronix!reed!bart
From: bart@reed.UUCP (Bart Massey)
Newsgroups: net.crypt
Subject: Dialback (Re: Re: foiling password crackers)
Message-ID: <2724@reed.UUCP>
Date: Sun, 9-Mar-86 16:25:22 EST
Article-I.D.: reed.2724
Posted: Sun Mar  9 16:25:22 1986
Date-Received: Tue, 11-Mar-86 08:33:48 EST
References: <974@decwrl.DEC.COM> <262@birtch.UUCP> <210@duts.UUCP> <2904@sunybcs.UUCP>
Distribution: na
Organization: Reed College, Portland, Oregon
Lines: 22

> I hear IBM's mainframe has a fool-proof way of dealing with hackers.
> The computer stores each users phone number in memory. When the user
> calls in and completes the login correctly, the mainframe hangs up
> and calls the user back. This way the hacker would have to be at the
> users house to do any hacking!

Or something.  I have a friend whose father works at a large bank in the
area, which was actually thinking of using dialback as its sole security
mechanism (outside of a simple password scheme).  I pointed out to him that
if he was honestly willing to trust his millions of dollars to the security
of the U.S. phone system, he was welcome to...  I don't know what ever came
of it.  But it's not like there are guys out there who not only know how
to break into computer systems, but how to phreak the phone lines :-) ...

I suggested to him (and still think it might be a good idea) that with
micros costing what they do these days, he should give bank employees
working remotely one to use, complete with a terminal program that does
public-key signaturing for identification!  It seems secure to me.  What
does anyone think?

				Bart Massey
				..tektronix!reed!bart