Status of SRP
Ka-Ping Yee
cryptography at zesty.ca
Wed Jun 7 13:49:21 EDT 2006
On Wed, 7 Jun 2006, John Brazel wrote:
> What we really need is something similar to the built-in "remember
> my password" functionality of current web browsers: the browser keeps
> track of a login/password/certified (ie TLS certificate-backed) DNS name
> tuple...
[...]
> The downside, of course, is that:
>
> a) It wouldn't handle password changing,
> b) Some people use the same login and password *everywhere*,
> c) Once you change browsers or computers, all bets are off (because the
> new browser doesn't know anything about which passwords you use where).
If you haven't looked at this yet, i think you'll find it interesting:
http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/
These design ideas are intended to address exactly the things you've
just mentioned.
-- ?!ng
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list