Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Question concerning Access Card
From: Peter Conrad <conrad () tivano de>
Date: Thu, 29 Apr 2004 17:26:45 +0200


On Tue, Apr 27, 2004 at 07:01:16PM -0500, Richard Douglas García Rondon wrote:

The next link explains that method:


the secret is the password.

I don't think so. That URL describes secret splitting which is usually
used to distribute a single key among several people. It would be
pointless to split a secret among *one* person.

Quoting Peter Conrad <conrad () tivano de>:

I don't know if that's the case here, but it looks like a simple way
to make the handling of a very long PIN easier. E. g. I have an online
bank account where I get asked for a random selection of digits from a
longer PIN (e. g. "Please enter digits 3, 7 and 9 from your PIN"). I
suppose in the above case you'd be asked "Please enter PIN b3", which
is basically the same mechanism.

Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]