Home page logo
/

webappsec logo WebApp Sec mailing list archives

Question concerning Access Card
From: "Adrian Wiesmann" <awiesmann () swordlord org>
Date: Thu, 22 Apr 2004 08:27:12 -0000 (GMT)

Hello

I have a question concerning some specialized type of Access Card which is
not widely found (according to google only used with one bank in CH) but
which interests some software factory over here as web authentication
mechanisms.

This Access Card does not look like some normal cancellation list which
contains n codes listed like that:

1) 5gcl-krdI
2) &.?V-}?*A
3) !$aZ-umx>
4) {[|q-J>+I

The Access Card which I search whitepapers and descriptions for looks like
that classic game where two players try to sink each others ships on some
matrix. It is nearly credit card sized and has letters on the x axis and
numbers on the y axis building some matrix in the way like this example.
The resulting fields then contain the passwords:

----a----b----c----d---
1--111--358--274--245--
2--212--978--852--973--
3--123--234--963--245--
4--568--866--123--156--

Now my question: Does anybody of you know this method to access online
banking or other websites? Anybody an idea what kind of technology is
behind this list (looks to me like the normal cancellation list only in
another structure to not have to ship a new one after all items where
used)?

Best regards and thanks for your comments,
Adrian


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]