Steven Bellovin <> writes:

>This returns us to the previously-unsolved UI problem: how -- with today's
>users, and with something more or less like today's browsers since that's
>what today's users know -- can a spoof-proof password prompt be presented?

Good enough to satisfy security geeks, no, because no measure you take will
ever be good enough.  However if you want something that's good enough for
most purposes then Camino has been doing something pretty close to this since
it was first released (I'm not aware of any other browser that's even tried).
When you're asked for credentials, the dialog rolls down out of the browser
title bar in a hard-to-describe scrolling motion a bit like a supermarket till
printout.  In other words instead of a random popup appearing in front of you
from who knows what source and asking for a password, you've got a direct
visual link to the thing that the credentials are being requested for.  You
can obviously pepper and salt this as required (and I wouldn't dream of
deploying something like this without getting UI folks to comment and test it
on real users first), but doing this is a tractable UI design issue and not an
intractable business-model/political/social/etc problem.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to