WebApp Sec mailing list archives
Re: Entrust - Identity Guard - Any experience?
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 23 Aug 2005 08:14:32 -0700
Not really. The card is something a person carries around. Besides the cards can be made to be difficult to photocopy. And if stolen, they can be treated the same as a stolen token: invalidated and a new one generated as easy as kiss my hand.
hmmm. how do you know when to replace/regenerate the card, if the attacker only duplicated the card, and returned the original to your wallet??? static human-legible information can be duplicated using vaious fotografic techniques.
I like the Entrust thingamabob. Think Pareto's Law: It gives 80 percent of the functionality of a secure token for 20 percent of the cost. (Actually, I think it gives 96 percent of the functionality of a secure token for 20 percent of the cost -- Pareto squared.)
This maybe true, but i would still like to see some data to support this claim. -- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- RE: Entrust - Identity Guard - Any experience?, (continued)
- RE: Entrust - Identity Guard - Any experience? ken kousky (Aug 20)
- RE: Entrust - Identity Guard - Any experience? Ellis, Steven (Aug 19)
- RE: Entrust - Identity Guard - Any experience? Rishi Pande (Aug 19)
- RE: Entrust - Identity Guard - Any experience? Mary Ann Burns (Aug 19)
- Re: Entrust - Identity Guard - Any experience? Saqib Ali (Aug 19)
- Re: Entrust - Identity Guard - Any experience? Ralf Durkee (Aug 19)
- RE: Entrust - Identity Guard - Any experience? Lyal Collins (Aug 20)
- Re: Entrust - Identity Guard - Any experience? Saqib Ali (Aug 21)
- RE: Entrust - Identity Guard - Any experience? ken kousky (Aug 21)
- Re: Entrust - Identity Guard - Any experience? Ned Fleming (Aug 22)
- Re: Entrust - Identity Guard - Any experience? Saqib Ali (Aug 23)