Status of SRP
Ka-Ping Yee
cryptography at zesty.ca
Thu Jun 1 15:34:01 EDT 2006
On Thu, 1 Jun 2006, Florian Weimer wrote:
> > That is an all purpose argument that is deployed
> > selectively against some measures and not others.
>
> If you've deployed two-factor authentication (like German banks did in
> the late 80s/early 90s), the relevant attacks do involve compromised
> customer PCs. 8-( Just because you can't solve it with your technology
> doesn't mean you can pretend the attacks don't happen.
You're both right. The problem is that we are talking about
solutions but haven't yet agreed on a threat model to discuss.
-- ?!ng
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list