once more, with feeling.

Eric Rescorla ekr at networkresonance.com
Sun Sep 21 15:56:05 EDT 2008


At Sat, 20 Sep 2008 15:55:12 -0400,
Steven M. Bellovin wrote:
> 
> On Thu, 18 Sep 2008 17:18:00 +1200
> pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
> 
> > - Use TLS-PSK, which performs mutual auth of client and server
> > without ever communicating the password.  This vastly complicates
> > phishing since the phisher has to prove advance knowledge of your
> > credentials in order to obtain your credentials (there are a pile of
> > nitpicks that people will come up with for this, I can send you a
> > link to a longer writeup that addresses them if you insist, I just
> > don't want to type in pages of stuff here).
> > 
> Once upon a time, this would have been possible, I think.  Today,
> though, the problem is the user entering their key in a box that is (a)
> not remotely forgeable by a web site that isn't using the browser's
> TLS-PSK mechanism; and (b) will *always* be recognized by users, even
> dumb ones.  Today, sites want *pretty* login screens, with *friendly*
> ways to recover your (or Palin's) password, and not just generic grey
> boxes.  Then imagine the phishing page that displays an artistic but
> purely imaginary "login" screen, with a message about "NEW!  Better
> navigation on our login page!"

This is precisely the issue.

There are any number of cryptographic techniques that would allow
clients and servers to authenticate to each other in a phishing-resistant
fashion, but they all depend on ensuring that the
*client* has access to the password and that the attacker can't
convince the user to type their password into some dialog
that the attacker controls. That's the challenging technical
issue, but it's UI, not cryptographic.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
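
The property discussed in this thread (each side proves knowledge of a shared key and the password itself never crosses the wire) can be shown with a simplified HMAC challenge-response. This is an added example, not code from any poster in the thread, and it is a stand-in for the idea rather than the TLS-PSK handshake; `derive_psk`, `proof`, `Server`, `client_login`, the PBKDF2 parameters and the sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def derive_psk(password: str, salt: bytes) -> bytes:
    # Assumed enrolment step: both sides derive the same key from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def proof(psk: bytes, role: bytes, cn: bytes, sn: bytes) -> bytes:
    # The role label stops one side's proof being reflected back as the other's.
    return hmac.new(psk, role + cn + sn, hashlib.sha256).digest()


class Server:
    def __init__(self, psk: bytes):
        self.psk = psk

    def respond(self, cn: bytes):
        # The server proves knowledge of the key before the client proves anything.
        self.cn, self.sn = cn, secrets.token_bytes(16)
        return self.sn, proof(self.psk, b"server", cn, self.sn)

    def accept(self, client_proof: bytes) -> bool:
        expected = proof(self.psk, b"client", self.cn, self.sn)
        return hmac.compare_digest(expected, client_proof)


def client_login(psk: bytes, server) -> tuple[bool, list[bytes]]:
    """Run the exchange; return (authenticated, every message the client sent)."""
    cn = secrets.token_bytes(16)
    sent = [cn]
    sn, server_proof = server.respond(cn)
    if not hmac.compare_digest(proof(psk, b"server", cn, sn), server_proof):
        return False, sent  # peer does not hold the key: stop, send nothing more
    client_proof = proof(psk, b"client", cn, sn)
    sent.append(client_proof)
    return server.accept(client_proof), sent


SALT = b"constructed-salt"          # constructed sample value
PASSWORD = "correct horse"          # constructed sample value
real_server = Server(derive_psk(PASSWORD, SALT))
impostor = Server(derive_psk("not-the-password", SALT))  # lacks the user's key
```

Against `impostor` the client stops after sending a random nonce, so nothing derived from the password leaves the client. This holds only when the password is typed into the client that runs the exchange, which is the UI dependency the message above describes.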