[Cryptography] Encryption opinion
Bear
bear at sonic.net
Tue Aug 26 18:29:15 EDT 2014
On Tue, 2014-08-26 at 13:12 +0100, ianG wrote:
>
> ??? If you are trying to communicate with your bank, and the phisher
> has taken those comms before they get to the bank, then that's an
> MITM.
Phishing is isochronous. Phishers can get your credential from you
without the bank's participation. Later, they can use that credential
with your bank without your participation. That is not an MITM; that
is simple credential fraud.
The reason we're not seeing MITM right now is because credential fraud
can be simply and easily accomplished without bothering to set up an
MITM. HTTPS will not be revealed for how horrifyingly inadequate a
protection against MITM it is, until we tighten security so far that
the fraudsters actually are forced to resort to MITM.
Bear
More information about the cryptography
mailing list