Corporate public key?
Wed Jul 9 01:56:01 2003
-----BEGIN PGP SIGNED MESSAGE-----
Johan Wevers wrote:
| You, CL Gilbert, wrote:
|>The mail is usually there when I get home. Their is noone guarding it.
|>~ I am not concerned about mass attacks, only a single one. Once you get
|>the pin, you have no need of bruteforce. The bruteforce occurs when you
|>are checking my snail mailbox everyday for a month.
| I don't know how internet banking is done where you live. I have seen
| banking systems for 3 banks here.
| For one (Postbank, a division of ING) you get 3 lists of codes, sent in 3
| separate letters on 3 separate days. You'll have to change 1 of them the
| first time you use it, the other is fixed and the 3rd is a list of
| confirmation codes when you do payments via their program.
| At ABN-AMRO you get a card reader that can is a general type. You put your
| bank card in it, and it requires the pin of the chip on the card to work.
| You then get a 8-number challenge when you want to login on the bank card,
| type this on the card reader and it gives a 6-number response.
| generate a session key for an encrypted connection. This session key is
| stored in a cookie.
| For the CVB bank, you get an electronic number generator with a serial
| number. You have to type the serial number of the generator when you
| login. It then gives a challenge number. You switch on the generator, it
| asks for a 5-digit pin code (sent to you in a seperate snail letter, and
| you'll have to change it the first time you use the generator). Then
| for the challenge and responses with a response that you have to type
| website, and the server generates a sesson key.
| Both the ABN and CVB number generators will always produce the same
| when fed a fixed challenge.
Well this begs the question, what exactly do you mean by internet
*banking*? are you speaking of investment banking? or checking /savings?
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----