[Cryptography] SRP for mutual authentication - as an alternative / addition to certificates?
Jerry Leichter
leichter at lrw.com
Wed Aug 5 13:09:55 EDT 2015
>> This is the core problem - if we could get users to only type their
>> passwords into the one true password box, then there are many viable
>> solutions to "the password problem". But all attempts to do this so far have
>> been dismal failures.
>
> Out of curiosity, do you have more details about previous attempts?
Safari actually implements such a mechanism: If the remote site asks for authentication in "the right way" - and, frankly, I have no idea what it is; some sites do manage to trigger the mechanism; most don't - a special box "unrolls" from the top chrome over the page. I don't know if the effect can be duplicated in JavaScript; it would take some effort, I would think. But since people don't expect this anyway ... there's little point.
-- Jerry