Ed Gerck wrote:
> (UI in use since 2000, for web access control and
> authorization) After you enter a usercode in the first
> screen, you are presented with a second screen to
> enter your password. The usercode is a mnemonic
> 6-character code such as HB75RC (randomly generated,
> you receive from the server upon registration). Your
> password is freely chosen by you upon
> registration.That second screen also has something
> that you and the correct server know but that you did
> not disclose in the first screen -- we can use a
> simple three-letter combination ABC, for example. You
> use this to visually authenticate the server above the
> SSL layer. A rogue server would not know this
> combination, which allays spoofing considerations --
> if you do not see the correct three-letter
> combination, do not enter your password.

No one is going to check for the correct three letter
combination, because it is not part of the work flow, so
they will always forget to do it.

It might work if you have something that dramatically
alters the overall look of the page and organization of
the page, such as a big skin with a big graphic,
editable by user, and initially randomly generated per
user.  If you put the fields in different places,
depending on the user, then user will have to pay
attention when fields are not where he expects them to

It would also help if you made the login page
extensively user customizable, and ask the user to
customize it in order to protect himself against
phishing.  When suddenly his customizations vanish, he
will instantly and instinctively feel that what is his
has been taken, and appropriately perceive himself to be
under attack.

But a better solution would be to use SRP or J-Pake so
that a successful phish fails to reveal the password.

Unfortunately, for reasons that are entirely unclear to
me, there is passionate resistance to building J-Pake or
SRP into the browser - we need a UI in the browser, and
a PHP module on the server, to make these actually

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to