once more, with feeling.
Perry E. Metzger
perry at piermont.com
Tue Sep 23 14:21:20 EDT 2008
"James A. Donald" <jamesd at echeque.com> writes:
> If the user is used to logging in by a user interface that is not easy
> for forge remotely - click on bookmark to bring up a user interface
> that is difficult to remotely forge - then this does indeed work.
It might have been secure enough back in the days before almost every
machine was infected by things like drive-by malware. Now that the
hardware the user is on can no longer be trusted, this would only
raise the bar slightly, and cause the bad guys, who already own half
the machines on the net, to work a few more hours.
I won't say such a thing would be bad if it already existed, but it
seems like it would no longer be enough.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list