[Cryptography] So please tell me. Why is my solution wrong?
Peter Fairbrother
peter at m-o-o-t.org
Thu Feb 9 08:26:00 EST 2017
Replying to the rather rude Mr Kilcullen:

I haven't read your paper, and don't intend to. However from reading
some of the other posts in this thread, I assume it is about securing a
TLS connection by using a pre-chosen graphic sent from server to user
client.

There are two problems with this: first, it doesn't work in practice for
human-type reasons. Peter G has given many links to this, which should
be enough.

Second, there are no circumstances in which it is actually useful.

It doesn't prevent phishing: if the circumstances of an
otherwise-successful phishing attack are modified to include a graphic,
the phishing site can easily log in to the real site (as it knows the
real login details), obtain the graphic, then forward it to the client/user.

It doesn't protect in *any* other realistic use case either. It is
totally useless.

I realise I haven't directly answered your question - as I said, I
haven't read your paper, and as far as it goes it may be correct. But
that's 20 minutes work, £40 plus 20% VAT = £52.

Paypal accepted.

-- Peter Fairbrother