Quoting "Perry E. Metzger" <[EMAIL PROTECTED]>:
> So, rephrasing, the problem is not that secret information isn't a > fine way to establish trust -- it is the pretense that SSNs, your > mom's birth name or even credit card numbers can be kept secret. > > > Identifying information cannot be kept secret. > > I'd amend that to "things like your name, your SSN or your account > numbers cannot be kept secret..." I think it's worse than that -- in reality it is any static piece of information. It doesn't matter WHAT that piece of information is. You really want a challenge-response system to prove both knowledge and liveness of the information. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [EMAIL PROTECTED] PGP key available --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]