You are correct that will work, unless IMHO, the spoof site acts as a
proxy between the user with the crytpo card and the real site to be
hacked. This problem might be overcome for the short term by displaying
the number entered into the crypto card graphically like e-gold does
with the turing number. I havent any experience programming with the cryptocard. I
have encountered the faults with the RSA fob product.
Your mileage may vary,
don
On Mon, 4 Feb 2002 08:24:39 -0600, SnowDog <[EMAIL PROTECTED]> wrote:
>The crypto-card is spoof-proof. Even if you log-in on a fake site, the
>person stealing your password won't be able to log-in to the original site
>because he won't have your crypto-card. To log-in, you will need your
>cryto-card AND a passphrase. On log-in, the website will present a number.
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s)
via the web and shopping cart interfaces to help thwart keystroke loggers and common
viruses.
