[Fwd: Re: Co-op Bank and Verified by Visa]
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sat Jun 20 19:21:46 BST 2009
Nicholas Bohm wrote:
> Peter Gutman sends a further message:
>
> Subject: Re: Co-op Bank and Verified by Visa Date: Sun, 21 Jun 2009
> 04:43:54 +1200 From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
>
> -- Snip --
>
> Nicholas Bohm <nbohm at ernest.net> writes:
>
>> To be fair to the systems, they ask for three characters from the
>> password, and not the same three each time. Attacks would have to
>> be repeated often enough to get enough characters before they could
>> be executed reliably.
>
> "To provide customers with an enhanced security experience our
> award-winning Verified by Visa system will now ask for your full
> password instead of just three characters. When you enter your
> password you can be assured that we are providing the highest level
> of security possible".
Ah, but you can write proper English, and attackers can't!
>
> ("security" systems that assume that the attacker will play by the
> defenders' rules are always amusing. There's one, Safe2Login, that
> even seems to assume that the attackers will follow the defenders'
> FAQ in order to carry out their attack).
:)
-- Peter F
>
> Peter. ...
>
> Nicholas
More information about the ukcrypto
mailing list