[Cryptography] Password entry protocols

Henry Baker hbaker1 at pipeline.com
Sat Mar 31 11:08:06 EDT 2018


Is it just me, or are all password entry protocols
laughably easy to spoof?

If these protocols were done in "real life", the
writers for "Get Smart" would leave them on the
cutting room floor.

When a program/website asks me for a password, it's
the equivalent of someone in a spy movie asking on
the telephone "is this a secure line": which in
itself is laughable -- if you have to ask, it isn't!

So all I have to do is to simply copy the screen --
or the particular section of the screen -- and ask
someone to type in their password.

Furthermore, I can even have Eve sit there watching
the screen for a particular combination of pixels to
show up, and know when to start typing in behind the
scenes.

Trying to train people to look for a different
combination of pixels every time is even worse --
how can they tell which is the real from the fake?


