Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!aplcen!samsung!zaphod.mps.ohio-state.edu!tut.cis.ohio-state.edu!rutgers!ucsd!ames!pacbell!ptsfa!jmc
From: jmc@PacBell.COM (Jerry Carlin)
Newsgroups: comp.protocols.kerberos
Subject: Re: Authentication vulnerabilities
Message-ID: <5039@ptsfa.PacBell.COM>
Date: 26 Dec 89 22:51:07 GMT
References: <8912261743.AA02542@decwrl.dec.com>
Reply-To: jmc@PacBell.COM (Jerry Carlin)
Organization: Pacific * Bell, San Ramon, CA
Lines: 12

In article <8912261743.AA02542@decwrl.dec.com> miller@ERLANG.ENET.DEC.COM (Steve Miller) writes:
>p.s. Tools such as smart cards with PINs are better, but still imperfect
>since they may be intentionally shared or shared under duress -- e.g.
>people have been mugged and forced to obtain money from their cash machines.

At least one smart card system that I know has a 'duress' PIN that is to
be used specifically in duress situations so that the system can take 
action under those circumstances.

-- 
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.