On 4 Feb 2002, at 17:39, SnowDog wrote:

> > The 2 hurdle concept and its equivalence to a longer passphrase have
> > been discussed at length on this list before.
>
> But the ideas being bantered about recently are not equivalent to a
> longer passphrase. The idea is to issue a personalized challenge, to
> which the user would have to respond. How is this equivalent to a
> passphrase? Copying keystrokes would not allow a third-party to
> log-in.

A passphrase is a shared secret. Demonstration of knowledge of the shared secret entitles one to access to the account. The response algorithm is also such a shared secret. It may be very hard to find this shared secret by trial but it could be done. It is no harder to find by trial-and-error than a sufficiently long passphrase. Therefore it is equivalent to a sufficiently long passphrase.

A better challenge-response scheme would be a PGP key pair. But this is also equivalent to a sufficiently long passphrase.

You bring up another point: that it is not susceptible to keyboard sniffing. This is also true of a PGP key pair or a certificate. But this is another issue. And none of these constitute Turing tests or solve the problem that the Turing number was intended to address.

Best,

CCS

Craig Spencer
[EMAIL PROTECTED]
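
Added example, not part of the original message or of any e-gold code: a sketch of the two separate properties discussed above, replay resistance and trial-and-error cost. It assumes HMAC-SHA256 over a random challenge as a stand-in for the unspecified "response algorithm", and uses a constructed 4-digit secret so the search finishes instantly.

```python
import hashlib
import hmac
import secrets
from itertools import product

# Assumption: HMAC-SHA256 over a random challenge stands in for the thread's
# unspecified "response algorithm"; the HMAC key is the shared secret.
def respond(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def verify(secret: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(respond(secret, challenge), response)

def passphrase_check(stored_hash: bytes, attempt: bytes) -> bool:
    # Static passphrase login: the same bytes are typed every time.
    return hmac.compare_digest(stored_hash, hashlib.sha256(attempt).digest())

def trials_to_find(matches, alphabet: str, length: int) -> int:
    """Count guesses until matches(candidate) is true, trying every string
    of `length` over `alphabet` (worst case len(alphabet) ** length)."""
    for n, chars in enumerate(product(alphabet, repeat=length), start=1):
        if matches("".join(chars).encode()):
            return n
    return -1

def demo() -> dict:
    secret = b"7391"                      # constructed 4-digit shared secret
    stored = hashlib.sha256(secret).digest()
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    captured = respond(secret, c1)        # what a keystroke logger would record
    return {
        # Replaying recorded input: accepted for the static passphrase,
        # rejected when the server issues a fresh challenge.
        "passphrase_replay_ok": passphrase_check(stored, secret),
        "response_replay_ok": verify(secret, c2, captured),
        # Trial and error: same secret space, so the same number of guesses.
        "trials_passphrase": trials_to_find(
            lambda g: passphrase_check(stored, g), "0123456789", 4),
        "trials_response": trials_to_find(
            lambda g: verify(g, c1, captured), "0123456789", 4),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The guess counts match because both schemes are bounded by the size of the secret space; only the replay result differs.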