Break-Open One-Shot Password Stores

Paul Barnfather lists at
Mon Feb 27 18:12:18 GMT 2012

On 27 Feb 2012, at 13:32, Mark Lomas wrote:

> Note that these don't protect you against an insider with access to unused envelopes.

I assume that is why the PIN must also be changed on first use; the PIN is not only "read once" but "use once" as well.

Otherwise, as you point out, they are totally vulnerable to someone with access to unused envelopes (or the ability to make a reasonable-looking copy).

More information about the ukcrypto mailing list