Peter Gutmann wrote:
For existing apps with habituated users, so am I. So how about the following
strawman: Take an existing browser (say Firefox), brand it as some special-
case secure online banking browser, and use the "new developments" solution
above, i.e. it only talks mutual-auth challenge-response crypto and nothing
else. At that point you've reduced "Reformat user and reinstall browsing
habits" to "Train users to only use safe-browser when they do their banking,
i.e. 'Never enter banking details using anything other than safe-browser'".
Even if you only get a subset of users doing this, it's still a massive attack
surface reduction because you've raised the bar from any idiot who buys a
phishing kit to having to perform a man-in-the-browser attack.
We did a version of this for CEAS this year (paper here:
http://www.parc.com/research/publications/details.php?id=6496).
I agree, I think it's not hard to come up with an
architecture that increases user security, while reducing
the amount they have to learn. Though, as per Perry's
comment, you do need to be able to say that *some* (not
all) of the software on your machine is not totally
borked... (an interesting question is: how much, and what).
--Diana
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
