Lance James wrote:
> Here's where SRP fails:
> 1) SSL is built into the browser - doesn't stop
> phishers

SSL protects true names, SRP protects true
relationships.  Protecting true names turned out to be
not very useful.

> "Hi, we're having a problem with your account system
> as our SRP database was corrupted, please login
> through the webpage to verify your information and
> reset your SRP account to working order".

They set up their SRP account through the chrome, not
through a webpage.  This attack fails to mimic what is
routine.  Phishing relies on mimicry and habit. The
poorer the mimicry, the less people are likely to fall
for it.  Certainly some people will fall for it, there
is a sucker born every minute, but right now we are
seeing phishing attacks that quite sophisticated people
fall for.

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
