Break-Open One-Shot Password Stores

Ian Batten igb at batten.eu.org
Tue Feb 28 07:38:50 GMT 2012


On 27 Feb 2012, at 18:12, Paul Barnfather wrote:

> On 27 Feb 2012, at 13:32, Mark Lomas wrote:
> 
>> Note that these don't protect you against an insider with access to unused envelopes.
> 
> I assume that is why the PIN must also be changed on first use

That varies from bank to bank, I believe.  It seems an obvious measure to guard against insider threats, but on the other hand people don't by and large set good PINs.

ian




More information about the ukcrypto mailing list