At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote:
>true for credit cards? If so, a simple visual recorder -- already used by
>other thieves -- might suffice, and all the tamper-resistance in the world
>won't help. Crypto, in other words, doesn't protect you if the attack is on
>the crypto endpoint or on the cleartext.

Wouldn't a thumbprint reader on the card (to authenticate the meat to the
smartcard) be a tougher thing to shoulder surf?
Does raise the cost over a PIN.

Aren't there protocols where the exchange can't be replayed,
but proof-of-knowledge is demonstrated?
Or would these exchanges require on-line connectivity, thereby defeating
the utility of smartcards some?
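
One exchange of the kind the question above asks about, a nonce-based challenge-response, as an added example that is not part of the original message. It assumes the card and the verifier share a symmetric key. The names `Card`, `Verifier` and `demo` are hypothetical, and whether the verifier is a local terminal or a remote host is left open.

```python
import hashlib
import hmac
import secrets


class Card:
    """Holds the secret and only ever emits MACs over challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Issues a fresh random challenge per attempt and accepts it once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, response: bytes) -> bool:
        if self._pending is None:          # no outstanding challenge
            return False
        challenge, self._pending = self._pending, None   # single use
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    secret = secrets.token_bytes(32)       # constructed sample key
    card, verifier = Card(secret), Verifier(secret)

    # Genuine run: the card proves knowledge of the key without sending it.
    recorded = card.respond(verifier.new_challenge())
    genuine = verifier.check(recorded)

    # An observer who recorded that response replays it later.
    verifier.new_challenge()               # verifier has moved to a new nonce
    replay_new_nonce = verifier.check(recorded)
    replay_no_nonce = verifier.check(recorded)   # nothing outstanding at all
    return genuine, replay_new_nonce, replay_no_nonce


if __name__ == "__main__":
    print(demo())
```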