David Honig wrote:
>
> At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote:
> >true for credit cards? If so, a simple visual recorder -- already used by
> >other thieves -- might suffice, and all the tamper-resistance in the world
> >won't help. Crypto, in other words, doesn't protect you if the attack is on
> >the crypto endpoint or on the cleartext.
>
> Wouldn't a thumbprint reader on the card (to authenticate the meat to the
> smartcard) be a tougher thing to shoulder surf?
> Does raise the cost over a PIN.
Sure. But wouldn't you like to keep your thumbs?
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
