[27182] in cryptography@c2.net mail archive


Re: Status of SRP

daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Jun 3 16:42:59 2006

X-Original-To: cryptography@metzdowd.com
Date: Sat, 03 Jun 2006 14:25:55 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <447EF798.1060408@columbia.edu>

     --
Jeffrey Altman wrote:
 > Unfortunately, SRP is not the solution to the phishing
 > problem. The phishing problem is made up of many
 > subtle sub-problems involving the ease of spoofing a
 > web site and the challenges involved in securing the
 > enrollment and password change mechanisms.

With SRP, the web site cannot be spoofed, for it must
prove it knows the user's secret passphrase.

Now Wagner keeps complaining that the users are complete
morons, who could be taken in by a very shoddy spoof,
and no doubt that is true, but right now it is possible
to make a very good spoof, and that can be fixed.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      K0DkzvBcnUAkU1t725Cg9Fmh6awjA9b9S8SmmanA
      4HYHXPVEWxmojVTOmRDh7L/Eu6KRWMz3WCh5tL2Eq
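
The server-proof step the message refers to, as an added example that is not part of the original post: a compact SRP-6a style exchange in which the client accepts a site only if the site's proof matches the key the client derived itself. The function names, the sample passphrase and salt, and the toy modulus are assumptions made for this sketch (real deployments use the groups from RFC 5054), and the site's proof is computed from the verifier stored at enrollment.

```python
import hashlib
import secrets

N = 2**255 - 19   # toy modulus for brevity (assumption); use an RFC 5054 group in practice
g = 2

def H(*parts):
    """SHA-256 over length-prefixed parts (ints as 32-byte big-endian), as an int."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(32, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def enroll(password, salt):
    """Verifier v = g^x mod N that the genuine site stores at enrollment."""
    return pow(g, H(salt, password), N)

def make_server(v):
    """Hypothetical site holding verifier v; hello(A) returns (B, finish)."""
    def hello(A):
        if A % N == 0:
            raise ValueError("illegal client value A")
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N
        S = pow(A * pow(v, H(A, B), N) % N, b, N)
        def finish(M1):
            # The site proves itself only after the client's proof checks out.
            return H(A, M1, S) if M1 == H(A, B, S) else None
        return B, finish
    return hello

def client_login(password, salt, server):
    """True only if the site returned a proof matching the client's own key."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    B, finish = server(A)
    if B % N == 0:
        return False
    x, u = H(salt, password), H(A, B)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    M1 = H(A, B, S)
    return finish(M1) == H(A, M1, S)
```

A site that was never enrolled with this user's verifier cannot derive the same `S`, so `client_login` returns `False` for it whatever it sends back.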


---------------------------------------------------------------------
The Cryptography Mailing List