[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?

James A. Donald jamesd at echeque.com
Thu Feb 9 02:05:38 EST 2017


 > > Will it work?  To answer that question, hold down the Ctrl and alt
 > > keys, and press the del key.   Now imagine that with a background
 > > image unique to each person's computer.

On 2/9/2017 12:11 PM, Peter Gutmann wrote:
> Now imagine someone running a real-world user study to see if it actually
> works in practice rather than just in theory.  Given all the studies that
> have been done on this sort of thing in the past showing that it's not very
> effective in practice, I would assume by simple extrapolation that the
> answer remains "no", but I'm happy to be proven wrong.

How would you run a real-world user study?

The problem with today's users is that they are trained to be phished, 
because they are trained to enter their passwords into a wide variety of 
UIs.

To untrain them, you need to stop people from being asked to enter their 
passwords into a wide variety of UIs - you not only need to provide a 
password user interface to a zero knowledge password proof, where both 
parties prove knowledge of the password without giving it away, the 
state has to prohibit its subjects, or perhaps the business its 
employees, or perhaps Clinton her co-conspirators, from using any 
software or service that uses any other interface to enter a password.

To give this a fair test requires an ecosystem of software and services 
that uses the system, and some substantial compulsion and coercion to 
exclude anything outside that ecosystem.

Anything less is not a fair test.
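The "zero knowledge password proof" the message refers to is a password-authenticated key exchange (PAKE). The following is an added illustration, not code from the thread or from either author: a toy SRP-6a-style exchange in pure Python in which the server stores only a salt and a verifier, the password never leaves the client, and each side proves knowledge of it by producing a proof over the shared session key. The group is a 128-bit safe prime generated deterministically at import time (far too small for real use; deployments use 2048-bit or larger groups), the generator `g = 4` and the transcript hashes are simplified, and the user name and password are constructed sample values.

```python
import hashlib
import secrets

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so the result is deterministic."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_safe_prime(q_bits):
    """Return p = 2q + 1 with p and q prime, searching upward from a fixed start."""
    q = (1 << (q_bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


def H(*parts):
    """SHA-256 over length-prefixed parts (ints are big-endian encoded), as an int."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return int.from_bytes(h.digest(), "big")


N = make_safe_prime(128)  # toy group size; real deployments use >= 2048-bit groups
g = 4                     # a quadratic residue, so it generates the order-q subgroup
k = H(N, g) % N           # SRP-6a multiplier parameter


def private_key(salt, username, password):
    # x is derived only on the client; the server never sees it or the password.
    return H(salt, H(f"{username}:{password}".encode()))


class Server:
    def __init__(self):
        self.users = {}      # username -> (salt, verifier); the password is never stored
        self._sessions = {}

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        x = private_key(salt, username, password)
        self.users[username] = (salt, pow(g, x, N))  # verifier v = g^x

    def start(self, username, A):
        if A % N == 0:
            raise ValueError("client public value must not be 0 mod N")
        salt, v = self.users[username]
        b = secrets.randbits(256)
        B = (k * v + pow(g, b, N)) % N
        self._sessions[username] = (A, B, b, v)
        return salt, B

    def finish(self, username, M1):
        A, B, b, v = self._sessions.pop(username)
        u = H(A, B)
        S = pow(A * pow(v, u, N) % N, b, N)   # = g^(b(a + ux))
        K = H(S)
        if M1 != H(A, B, K):
            return None                        # client did not know the password
        return H(A, M1, K)                     # server's own proof of knowledge


class Client:
    def __init__(self, username, password):
        self.username, self.password = username, password

    def start(self):
        self.a = secrets.randbits(256)
        self.A = pow(g, self.a, N)
        return self.A

    def respond(self, salt, B):
        if B % N == 0:
            raise ValueError("server public value must not be 0 mod N")
        u = H(self.A, B)
        if u == 0:
            raise ValueError("scrambling parameter must not be 0")
        x = private_key(salt, self.username, self.password)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)  # = g^(b(a + ux))
        self.K = H(S)
        self.M1 = H(self.A, B, self.K)
        return self.M1

    def verify(self, M2):
        return M2 == H(self.A, self.M1, self.K)


def run_login(server, username, password):
    """Drive one exchange; returns (authenticated, transcript seen on the wire)."""
    client = Client(username, password)
    A = client.start()
    salt, B = server.start(username, A)
    M1 = client.respond(salt, B)
    M2 = server.finish(username, M1)
    ok = M2 is not None and client.verify(M2)
    return ok, {"A": A, "salt": salt, "B": B, "M1": M1, "M2": M2}


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse battery staple")   # constructed sample
    print(run_login(srv, "alice", "correct horse battery staple")[0])  # True
    print(run_login(srv, "alice", "wrong password")[0])                # False
```

Everything that crosses the wire is `A`, `salt`, `B`, `M1` and `M2`; none of them is the password or a value from which an offline check is cheaper than one online guess against a fixed-size group, which is what distinguishes a PAKE from the "type your password into this box" interfaces the message objects to.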

