Alaric Dailey [EMAIL PROTECTED] writes:
While I admit that PKI is flawed, I don't see anyway that PSK could used
effectively.
How are PSKs going to be shared in a secure way?
are we talking about generating a new key for every connection?
if so how do you validate the key?
if not, how do
Peter Gutmann wrote:
Alaric Dailey [EMAIL PROTECTED] writes:
While I admit that PKI is flawed, I don't see anyway that PSK could used
effectively.
How are PSKs going to be shared in a secure way?
are we talking about generating a new key for every connection?
if so how do you validate
Peter Gutmann wrote:
Alaric Dailey [EMAIL PROTECTED] writes:
In my opinion, PSK has the same problems as all symmetric encryption, its
great if you can share the secret securely, but distribution to the masses
makes it infeasible.
Exactly, PSK's are infeasible, and all those thousands of web
Alaric Dailey wrote:
ATMs would be infeasible if they were not a 2 factor authentication
system, and every day we see more cracks in the way that system is
implemented. Starting with the way the PSKs are shared.
http://news.bbc.co.uk/1/hi/technology/4183330.stm
ATMs use something you
Alaric Dailey wrote:
Thus ATMs and the weak 2 factor authentication system they use are
untrustworthy, I knew that already, but as I said, its better than not
having the multifactor authentication. The fact that many cards may be
used as credit card and you thus bypass the second factor, is a