[Cryptography] Toxic Combination

Benjamin Kreuter brk7bx at virginia.edu
Sun Nov 30 21:25:38 EST 2014


On Sun, 2014-11-30 at 22:55 +0100, Guido Witmond wrote:

> The general issue is twofold:
> 
>     People need to validate the authenticity of a site before typing in
> their password;
> 
>     The password gets transmitted to the other party.

The second issue is more important than the first.  In an ideal world we
would use a non-malleable zero knowledge protocol of some kind, so that
authenticating yourself to some scammer would not allow the scammer to
raid your bank account.  What is unfortunate is that such protocols are
not readily available to programmers, and so we are unlikely to see them
deployed any time soon.

-- Ben
