FTR, e-gold were aware of the general makeup of this threat since 1998 and asked someone to look at it. The long and the short was that it was more difficult to solve than at first claimed, so the project was scrapped. This was a good risk-based decision. The first trojans that I know of for e-gold weren't spotted until 12-18 months ago, so it was also a profitable decision. What they are doing now I don't know.
In the payments world we've known how to solve all this for some time, since the early 90s to my knowledge. The only question really is, have you got a business model that will pay for it, because any form of token is very expensive, and the form of token that is needed - a trusted device to put the application, display, keypad and net connection on - is even more expensive than the stop-gap two-factor authentication units commonly sold. iang -- Advances in Financial Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]