Re: Information on Arcot for two-factor software strong authentication

Bill Stewart (bill.stewart@pobox.com)
Mon, 01 Mar 1999 09:19:30 -0800

• Next message: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Previous message: Robert Hettinga: "Re: Using crypto to solve a part of the DNS/TM mess"
• In reply to: Michael Froomkin - U.Miami School of Law: "Re: Using crypto to solve a part of the DNS/TM mess"
• Next in thread: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Reply: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Reply: Dave Del Torto: "Re: Information on Arcot for two-factor software strong authentication"

        [I seem to have slipped off CodherPlunks list for a while,
        so I'm catching the tail end of it. Bcc: Cypherpunks here.]

Doug Hoover from Arcot gave a presentation at the January Cypherpunks meeting
in San Jose, where he showed the math involved in the cryptography.
The math was reasonable, but he still got flamed heavily because the website
marketing literature claimed that it was equivalent to smartcards in security,
and some smartcard-knowledgable people took serious exception to that.
I later ran into the Arcot marketing people at the RSA IBM party,
who wanted to clarify that while it's not the same security as a
crypto smartcard, it is basically as secure as a memory smartcard,
which needs to trust the host computer not to copy it, clone it, etc.
Arcot's faq on their web site now reflects this, which is a positive change.

        [Dave, did you get a copy of Doug's slides to put on the web site?]

                Thanks; Bill Stewart

At 10:51 AM 3/1/99 -0500, Ge' Weijers wrote:
>On Fri, Feb 26, 1999 at 04:14:04PM -0800, Marlin Gilbert wrote:
>[...]
>> Our company, Arcot Systems, has developed a software smartcard
>> product for public key infrastructure (PKI) applications where
>> two-factor authentication and single sign-on are particularly
>> important. Arcot WebFort offers the security of a smartcard with the
>> flexibility, convenience, and cost savings of a software solution.
>[...]
>
>Dear Mr. Gilbert,
>
>'CodherPlunks' is a mailing list used by people who want to discuss
>issues related to implementing cryptography software. Mailing lists

Cypherpunks@cyberpass.net or maybe cryptography@c2.net would be
reasonable places for an announcement, though.

>On the subject of WebFort: it is accepted wisdom in the cryptographic
>community that security should not be based on the secrecy of the
>algorithm or method, but only on the secrecy of keys. The testimonials
>on your web site lead me to believe that you are not selling 'snake
>oil', but the rest of us can't judge for ourselves, because the
>details published are too vague to make any judgments about the design
>of your software smart card technology.

                                Thanks!
                                        Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

• Next message: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Previous message: Robert Hettinga: "Re: Using crypto to solve a part of the DNS/TM mess"
• In reply to: Michael Froomkin - U.Miami School of Law: "Re: Using crypto to solve a part of the DNS/TM mess"
• Next in thread: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Reply: Sameer Parekh: "Re: Information on Arcot for two-factor software strong authentication"
• Reply: Dave Del Torto: "Re: Information on Arcot for two-factor software strong authentication"