two factor authentication

Frank Cusack fcusack at fcusack.com
Wed Jul 26 08:16:38 EST 2006


On July 25, 2006 4:42:20 PM -0500 "Douglas E. Engert" <deengert at anl.gov> wrote:
> But most don't have any self contained I/O or logging capability. They depend
> on the machine into which they are inserted. Once the pin has been given, to
> unlock the card, the card does not know what it is signing, and the user can
> not even tell if the card is being used, thus it could still be misused by some
> back door to make a few more ssh connections, or sign a few more documents
> without the user's knowledge.

That's why the VISA/EMV requirement is for the reader to have a PIN pad.
The PIN cannot then be software cached for additional transactions.

-frank



More information about the openssh-unix-dev mailing list