On Thu, 1 Jun 2006, James A. Donald wrote:
> Florian Weimer wrote:
>  > There is no way to force an end user to enter a
>  > password only over SRP.
>
> Phishing relies on the login page looking familiar.  If
> SRP is in the browser chrome, and looks strikingly
> different from any web page, the login page will not
> look familiar.

I think you might be overestimating the attentiveness and
discrimination abilities of most people.  A scheme that
makes a real login form *technically* discriminable from a
fake login form (i.e. there is some rule you can follow that
will give you 100% accuracy as to which is which, such as
"check for presence of the taskbar") will not necessarily
achieve a 100% fraud prevention rate because the rule will
not always be followed.

Different kinds of discrimination will yield different rates
of success.  Some rules are more difficult to follow than
others; some rules are easier to forget than others.  Depending
on the scheme, even a highly technical user such as you or me
might fail to notice a spoof when we're in a hurry to complete
the transaction or we're distracted by other things.

This is the trusted-path problem.  Some examples of proposed
solutions to trusted-path are:

    - Dim the entire screen.
    - Use special window borders.
    - Use flashing window borders.
    - Use specially shaped windows.
    - Attach a warning label to all untrusted windows.
    - Display a customized word or name.
    - Display a customized image.
    - Overlay a semitransparent customized image.
    - Require the user to press a secure attention key.
    - Require the user to click a customized button.

I'm interested in people's thoughts on what works better or
might work better.  (Feel free to add to the list.)


-- ?!ng

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to