Trusted path (was: status of SRP)
Ka-Ping Yee
cryptography at zesty.ca
Thu Jun 1 15:32:50 EDT 2006
On Thu, 1 Jun 2006, James A. Donald wrote:
> Florian Weimer wrote:
> > There is no way to force an end user to enter a
> > password only over SRP.
>
> Phishing relies on the login page looking familiar. If
> SRP is in the browser chrome, and looks strikingly
> different from any web page, the login page will not
> look familiar.
I think you might be overestimating the attentiveness and
discrimination abilities of most people. A scheme that
makes a real login form *technically* discriminable from a
fake login form (i.e. there is some rule you can follow that
will give you 100% accuracy as to which is which, such as
"check for presence of the taskbar") will not necessarily
achieve a 100% fraud prevention rate because the rule will
not always be followed.

Different kinds of discrimination will yield different rates
of success. Some rules are more difficult to follow than
others; some rules are easier to forget than others. Depending
on the scheme, even a highly technical user such as you or me
might fail to notice a spoof when we're in a hurry to complete
the transaction or we're distracted by other things.

This is the trusted-path problem. Some examples of proposed
solutions to trusted-path are:

- Dim the entire screen.
- Use special window borders.
- Use flashing window borders.
- Use specially shaped windows.
- Attach a warning label to all untrusted windows.
- Display a customized word or name.
- Display a customized image.
- Overlay a semitransparent customized image.
- Require the user to press a secure attention key.
- Require the user to click a customized button.

I'm interested in people's thoughts on what works better or
might work better. (Feel free to add to the list.)

-- ?!ng
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com