Solving password problems one at a time, Re: The password-reset paradox
silky
michaelslists at gmail.com
Mon Feb 23 20:44:28 EST 2009
On Tue, Feb 24, 2009 at 12:23 PM, Ed Gerck <edgerck at nma.com> wrote:
[snip]
> What usercode? The point you are missing is that there are 2^35 private
> usercodes and you have no idea which one matches the email address that you
> want to sent your phishing email to.
What you're missing is that it doesn't matter. The user enters the
usercode! So they enter it into the phishing site which passes the
call along.
--
noon silky
http://www.boxofgoodfeelings.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list