Nobody wrote:
> On Wed, 10 Feb 2010 04:47:26 +0100, Tor Rustad wrote:
>
>> Now what does authentication mean? Well, the server like to know *who*
>> the client is, but hey if that is done via a *shared secret*, isn't it a
>> pretty bad idea to send such important info out in the great void, also
>> known as internet???
>
> It's an improvement over running an open relay.

SPAM will not stop by using weak authentication.

> There's only so much to be gained from better security when a good
> proportion of your users are likely to be infested with malware.

Malware can do little about a proper design.

For example, within the year, banks all over the world will convert
their VISA and MasterCard products from SDA (static data authentication)
chip, to DDA (dynamic data authentication) chip.

This DDA chip is capable of doing RSA computations and have room for
more applications, like e.g. authentication application, which can be
now be far more advanced than an one-time-password generator.

The hard part, is really establishing the HW infrastructure, not the SW
side of things! My latest laptop came with a chip card reader, you can
also attach such reader device via USB.

So the technology is here, and it's being rolled out as we speak.

--
Tor <echo bwzcab@wvtqvm.vw | tr i-za-h a-z>