[Fwd: Re: Co-op Bank and Verified by Visa]
Nicholas Bohm
nbohm at ernest.net
Sat Jun 20 17:51:04 BST 2009
Peter Gutman sends a further message:
Subject: Re: Co-op Bank and Verified by Visa
Date: Sun, 21 Jun 2009 04:43:54 +1200
From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
-- Snip --
Nicholas Bohm <nbohm at ernest.net> writes:
>To be fair to the systems, they ask for three characters from the password,
>and not the same three each time. Attacks would have to be repeated often
>enough to get enough characters before they could be executed reliably.
"To provide customers with an enhanced security experience our
award-winning
Verified by Visa system will now ask for your full password instead
of just
three characters. When you enter your password you can be assured
that we
are providing the highest level of security possible".
("security" systems that assume that the attacker will play by the
defenders'
rules are always amusing. There's one, Safe2Login, that even seems to
assume
that the attackers will follow the defenders' FAQ in order to carry out
their
attack).
Peter.
...
Nicholas
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
More information about the ukcrypto
mailing list