On Sat, Sep 21, 2002 at 12:11:17AM +0000, David Wagner wrote: > > I find the physical token a poor replacement for cryptography, when the > goal is challenge-response authentication over a network. In practice, > you never really want just challenge-response authentication; you > want to set up a secure, authenticated channel to the other party, > which means you probably also need key distribution functionality. > The physical token suggested here doesn't help with that at all.
Actually, it can. The server can store challenge-responses in pairs, then send N as the challenge and use the N+1 response (not returned) as the key. -- Barney Wolff I'm available by contract or FT: http://www.databus.com/bwresume.pdf --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
