[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?

Bill Cox waywardgeek at gmail.com
Wed Feb 8 03:39:38 EST 2017


On Wed, Feb 8, 2017 at 12:13 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Bill Cox <waywardgeek at gmail.com> writes:
>
> Nope, it doesn't.  We have about fifteen years' worth of both research and
> real-world results showing that site images don't work.  It's a great idea,
> sure, it's just one that doesn't actually work in practice.
>
> Peter.
>


Can you elaborate a bit on the research?  Did it cover the case where the
picture is stored on the client machine and the same picture is shown when
logging in for all web sites?

I think a tool like that could be built as a browser plugin, and it could
use some simple heuristics like Chrome does when it saves your passwords to
figure out when a user is on a login page.

That said, I find most crypto and authentication related ideas are almost
always 1) not new 2) already broken, and a frustratingly high portion of
the time they are both :-\

Bill