Ah... thanks for the explanation. I was confused as nonce is also a slang term for a child molester.
Regards
Bryan
--- On Sat, 10/1/09, Hugo Mills <hugo@???> wrote:
From: Hugo Mills <hugo@???>
Subject: Re: [Hampshire] banks and home use of card readers
To: "Hampshire LUG Discussion List" <hampshire@???>
Date: Saturday, 10 January, 2009, 2:09 PM
On Sat, Jan 10, 2009 at 01:51:20PM +0000, B STEVENS wrote:
> nonce-password?
It's a one-off password (hence "nonce"), usually generated as
a
secure hash of a challenge and some locally-held private data. The
private data never leaves the generator (in this case, the physical
card), but the remote site can contact your card issuer and ask "if I
gave this challenge and got this response, is it valid?".
This involves a keypad and readout embedded on the card. I believe
that some banks in the Netherlands are already issuing them.
There was also a scheme run a while ago where you could generate
nonce credit card numbers, one per transaction. You'd go to the card
issuer's website, give it your actual card number, and a limit. They'd
then generate a set of credit card details that could only be used for
one transaction, up to the limit you'd set, and which was linked to
your actual card. This prevents copying of the card details (well, use
of copied details), and replay attacks. As far as I'm aware, this
system was trialled, but never made it into general operation.
Hugo.
--
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
PGP key: 515C238D from wwwkeys.eu.pgp.net or
http://www.carfax.org.uk
--- You've read the project plan. Forget that. We're going to Do ---
Stuff and Have Fun doing it.
--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
