Status of SRP
James A. Donald
jamesd at echeque.com
Sat Jun 3 00:25:55 EDT 2006
--
Jeffrey Altman wrote:
> Unfortunately, SRP is not the solution to the phishing
> problem. The phishing problem is made up of many
> subtle sub-problems involving the ease of spoofing a
> web site and the challenges involved in securing the
> enrollment and password change mechanisms.
With SRP, the web site cannot be spoofed, for it must
prove it knows the user's secret passphrase.
Now Wagner keeps complaining that the users are complete
morons, who could be taken in by a very shoddy spoof,
and no doubt that is true, but right now it is possible
to make a very good spoof, and that can be fixed.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
K0DkzvBcnUAkU1t725Cg9Fmh6awjA9b9S8SmmanA
4HYHXPVEWxmojVTOmRDh7L/Eu6KRWMz3WCh5tL2Eq
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list