Corporate public key?

Wed Jul 9 01:56:01 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johan Wevers wrote:
| You, CL Gilbert, wrote:
|
|
|>The mail is usually there when I get home.  Their is noone guarding it.
|>~ I am not concerned about mass attacks, only a single one.  Once you get
|>the pin, you have no need of bruteforce.  The bruteforce occurs when you
|>are checking my snail mailbox everyday for a month.
|
|
| I don't know how internet banking is done where you live. I have seen
| banking systems for 3 banks here.
|
| For one (Postbank, a division of ING) you get 3 lists of codes, sent in 3
| separate letters on 3 separate days. You'll have to change 1 of them the
| first time you use it, the other is fixed and the 3rd is a list of
use-once
| confirmation codes when you do payments via their program.
|
| At ABN-AMRO you get a card reader that can is a general type. You put your
| bank card in it, and it requires the pin of the chip on the card to work.
| You then get a 8-number challenge when you want to login on the bank card,
| type this on the card reader and it gives a 6-number response.
Together they
| generate a session key for an encrypted connection. This session key is
| stored in a cookie.
|
| For the CVB bank, you get an electronic number generator with a serial
| number. You have to type the serial number of the generator when you
want to
| login. It then gives a challenge number. You switch on the generator, it
| asks for a 5-digit pin code (sent to you in a seperate snail letter, and
| you'll have to change it the first time you use the generator). Then
it asks
| for the challenge and responses with a response that you have to type
on the
| website, and the server generates a sesson key.
|
| Both the ABN and CVB number generators will always produce the same
response
| when fed a fixed challenge.
|

Well this begs the question, what exactly do you mean by internet
*banking*? are you speaking of investment banking? or checking /savings?

- --
Thank you,

CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/C1piVbJM14DSCi0RAlJjAKCkjCQTqV7SOhON/mx+mBv1ycrvcACfeXE9
yWENH88iwvp8s98ety5Cfi4=
=o6ce
-----END PGP SIGNATURE-----