Clever though this scheme is, man-in-the-middle attacks make it no better than a plain SSL login screen. Since the bad guy knows what site you're trying to reach, he can use your usercode to fetch the shared secret from the real site and present it to you on his fake site. It's true, the fake site won't have the same URL as the real site, but if the security of this scheme still depends on people scrutinizing the browser's address bar to be sure they're visiting the site they think they are, how is this any better than an ordinary kitten-free SSL login screen?

If there is actual security value in it (as opposed to security theater), presumably it is that the MITM has to interact with the bank site to present the username and fetch the image in order to complete the phish. The bank site would monitor for a client address that makes multiple requests with different usernames and shut off its access quickly. The MITM could of course get around this by using multiple client addresses to make these requests, but this raises the bar for an effective MITM. Does it raise it enough to justify the cost of deploying these schemes? Apparently the banks think so, or they're doing them for some other reason (theater, peer pressure, whatever).

 - RL "Bob"
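One way the site-side monitoring discussed in the reply above could be implemented, as an added example that is not part of the original post and not any bank's actual code. It assumes a constructed log format (timestamp, client address, username requested at the image-fetch step) and a hypothetical sliding-window rule: a single client address that fetches the shared secret for several distinct usernames within a short window is flagged for cut-off. As the post notes, an attacker spreading requests over many addresses stays under this threshold, so the check raises the bar rather than closing the hole.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic):
# "<ISO timestamp> <client address> <username whose image was requested>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 alice
2024-01-01T10:00:05 198.51.100.7 alice
2024-01-01T10:00:10 203.0.113.9 bob
2024-01-01T10:00:12 203.0.113.9 carol
2024-01-01T10:00:15 203.0.113.9 dave
2024-01-01T10:00:20 203.0.113.9 erin
2024-01-01T10:30:00 203.0.113.9 frank
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, addr, user) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, addr, user = line.split()
        events.append((datetime.fromisoformat(ts), addr, user))
    return events


def flag_enumerating_clients(events, window=timedelta(minutes=5), threshold=3):
    """Return {addr: [usernames]} for every client address that requested the
    shared-secret image for at least `threshold` distinct usernames inside any
    sliding time window of length `window`.  The window and threshold are
    hypothetical tuning values, not numbers from the post.

    A legitimate user retrying their own login (same username repeated) never
    trips this; only distinct usernames from one address count."""
    by_addr = defaultdict(list)
    for ts, addr, user in events:
        by_addr[addr].append((ts, user))

    flagged = {}
    for addr, evs in by_addr.items():
        evs.sort()  # order by timestamp within this address
        start = 0
        for end in range(len(evs)):
            # slide the left edge until the window fits
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {u for _, u in evs[start:end + 1]}
            if len(distinct) >= threshold:
                # record the first window that crosses the threshold; the
                # caller would then block or rate-limit this address
                flagged[addr] = sorted(distinct)
                break
    return flagged


if __name__ == "__main__":
    for addr, users in flag_enumerating_clients(parse_log(SAMPLE_LOG)).items():
        print(f"cut off {addr}: fetched images for {users}")
```

In the constructed sample, 198.51.100.7 only ever asks for alice's image and is left alone, while 203.0.113.9 asks for four different usernames in ten seconds and is flagged on the third.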

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
