Security through kittens, was Solving password problems

John Levine johnl at iecc.com
Wed Feb 25 09:53:39 EST 2009


>This means a site paying attention to such things could notice a
>change in IP address, or, if several users were attacked this way,
>notice repeated connections from the same IP. (Granted the MITM
>could distribute the queries over a botnet, but it raises the bar
>somewhat.)
>
>I have no idea if sites do such checks, just speculation on my part.

You're right, but it's not obvious to me how a site can tell an evil
MITM proxy from a benign shared web cache.  The sequence of page
accesses would be pretty similar. I suppose that you could hope that
legitimate HTTPS requests would come direct from the client machine,
so requests for multiple users on the same IP would be suspicious, but
on networks like AOL's, I wouldn't count on it working that way.

R's,
John
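
An added illustration, not part of the original message: a sketch of the two checks discussed in this thread (a session whose source address changes, and several users arriving from one address) run over constructed request records. The record layout, the threshold, and the `KNOWN_SHARED` allowlist are assumptions; the addresses are documentation ranges.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of authenticated HTTPS requests: (session_id, user, source_ip).
REQUESTS = [
    ("s1", "alice", "198.51.100.7"),
    ("s1", "alice", "203.0.113.50"),   # same session, new source address
    ("s2", "bob",   "203.0.113.50"),
    ("s3", "carol", "203.0.113.50"),
    ("s4", "dave",  "192.0.2.10"),     # inside the assumed shared-proxy range
    ("s5", "erin",  "192.0.2.10"),
    ("s6", "frank", "192.0.2.10"),
]

# Assumption: the site maintains a list of networks known to front many users.
KNOWN_SHARED = [ip_network("192.0.2.0/24")]
USER_THRESHOLD = 3  # distinct users per address before it is reported


def is_known_shared(ip):
    return any(ip_address(ip) in net for net in KNOWN_SHARED)


def session_ip_changes(requests):
    """Return {session_id: [ips in order seen]} for sessions seen from >1 address."""
    seen = defaultdict(list)
    for sid, _user, ip in requests:
        if ip not in seen[sid]:
            seen[sid].append(ip)
    return {sid: ips for sid, ips in seen.items() if len(ips) > 1}


def crowded_ips(requests, threshold=USER_THRESHOLD):
    """Return {ip: (sorted users, known_shared flag)} for addresses with >= threshold users."""
    users = defaultdict(set)
    for _sid, user, ip in requests:
        users[ip].add(user)
    return {ip: (sorted(u), is_known_shared(ip))
            for ip, u in users.items() if len(u) >= threshold}


if __name__ == "__main__":
    print("sessions that changed address:", session_ip_changes(REQUESTS))
    for ip, (who, shared) in crowded_ips(REQUESTS).items():
        label = "known shared proxy" if shared else "unexplained, review"
        print(ip, who, label)
```

Both crowded addresses show the same multi-user pattern in the records; only the allowlist separates them, so the check is only as good as the site's knowledge of legitimate shared proxies.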

---------------------------------------------------------------------
The Cryptography Mailing List


