[Cryptography] phishing, was Encryption opinion
James A. Donald
jamesd at echeque.com
Tue Aug 26 05:45:21 EDT 2014
On 2014-08-26 14:48, John Levine wrote:
>>> Web phishes rarely do MITM. It's a site that looks like the real site
>>> and tells you to log in. Once you do, it says oops, you mistyped your
>>> password and perhaps redirects you to the real site. It's just
>>> impersonation.
>>
>> MITM is an abstract term denoting two endpoints and a node in the
>> middle. The correct communication goes between the endpoints without
>> interference. An MITM interposes a middle node by one means or another
>> that can see plaintext and pervert intent.
>>
>> Above, you've met those requirements.
>
> No, the phish site does not communicate with the bank, it merely
> impersonates the bank to steal your credentials. The phish is not a
> middle node. I don't know how to say that any more clearly.
Phishing:
Alice intends to submit her password to Bob. Instead she submits it to
Mallory, who submits it to Bob.
Sure sounds like Mallory is in the middle.
More information about the cryptography
mailing list