Jeffrey Altman wrote:
> Unfortunately, SRP is not the solution to the phishing
> problem. The phishing problem is made up of many
> subtle sub-problems involving the ease of spoofing a
> web site and the challenges involved in securing the
> enrollment and password change mechanisms.

With SRP, the web site cannot be spoofed, for it must
prove it knows the  user's secret passphrase.

Now Wagner keeps complaining that the users are complete
morons, who could be taken in by a very shoddy spoof,
and no doubt that is true, but right now it is possible
to make a very good spoof, and that can be fixed.

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to