On Thu, Sep 03, 2009 at 04:26:30PM +1200, Peter Gutmann wrote:
> Steven Bellovin <s...@cs.columbia.edu> writes:
>
> >This returns us to the previously-unsolved UI problem: how -- with today's
> >users, and with something more or less like today's browsers since that's
> >what today's users know -- can a spoof-proof password prompt be presented?
>
> Good enough to satisfy security geeks, no, because no measure you take will
> ever be good enough. [...]
Well, if you're willing to reserve screen real estate, keyboard key
combinations, and so on, with said reserved screen space used to indicate
unambiguously the nature of other things displayed, and reserved input
combinations used to trigger trusted software paths, then yes, you can solve
that problem. That's the premise of "trusted desktops", at any rate.

There are caveats, like just how large the TCB becomes (including parts of
the browser), the complexity of the trusted information to be presented to
users versus the limited amount of screen real estate available to convey
it, the need to train users to understand the concept of trusted desktops,
no fullscreen apps can be allowed, accessibility issues, it all falls apart
if the TCB is compromised, ...

Nico
--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
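An added illustration, not part of Nico's message or of the thread: a toy
Python model of the trusted-desktop premise described above. The compositor
plays the role of the TCB. It alone draws the reserved band at the top of the
screen (so an application cannot paint a fake "[TRUSTED]" indicator there), it
refuses any application window that overlaps that band (which is exactly what
rules out fullscreen apps), and it intercepts a reserved key chord before any
application sees it, switching input to its own password prompt. The class
names, the 60x12 character grid, the two reserved rows and Ctrl-Alt-Del as the
chord are assumptions made for the example.

```python
"""Toy model of a trusted-desktop compositor (added example, not from the
thread).  Class names, the 60x12 character grid, the two reserved rows and
the Ctrl-Alt-Del chord are assumptions made for illustration."""
from dataclasses import dataclass, field

SCREEN_W, SCREEN_H = 60, 12
RESERVED_ROWS = 2                 # rows 0-1: only the compositor (TCB) draws here
SAK = ("ctrl", "alt", "del")      # reserved chord that always reaches the TCB


class PolicyViolation(Exception):
    """An application asked for something the trusted desktop forbids."""


@dataclass
class Window:
    owner: str
    x: int
    y: int
    w: int
    h: int
    inbox: list = field(default_factory=list)   # keystrokes delivered to the app


class Compositor:
    """The TCB: owns the reserved band and makes every input-routing decision."""

    def __init__(self):
        self.screen = [[" "] * SCREEN_W for _ in range(SCREEN_H)]
        self.windows = {}
        self.focused = None          # owner name, or "TCB" while a trusted prompt is up
        self.previous_focus = None
        self.trusted_prompt = None

    def create_window(self, owner, x, y, w, h):
        # The reserved band is never handed to an application, so no app can
        # cover the whole screen or paint a fake indicator into the band.
        if y < RESERVED_ROWS:
            raise PolicyViolation(f"{owner}: window overlaps the reserved band")
        if w <= 0 or h <= 0 or x < 0 or x + w > SCREEN_W or y + h > SCREEN_H:
            raise PolicyViolation(f"{owner}: window does not fit on screen")
        win = Window(owner, x, y, w, h)
        self.windows[owner] = win
        if self.focused != "TCB":    # a new window cannot steal focus from the TCB
            self.focused = owner
        return win

    def draw(self, owner, x, y, text):
        """Application drawing is clipped to the application's own window."""
        win = self.windows[owner]
        if not (win.x <= x < win.x + win.w and win.y <= y < win.y + win.h):
            raise PolicyViolation(f"{owner}: draw outside own window")
        for i, ch in enumerate(text[: win.x + win.w - x]):
            self.screen[y][x + i] = ch

    def key_press(self, chord):
        """Route one chord and return who received it; the SAK never reaches an app."""
        if tuple(chord) == SAK:
            if self.focused != "TCB":
                self.previous_focus = self.focused
            self.focused = "TCB"
            self.trusted_prompt = "Enter password:"
            return "TCB"
        if self.focused == "TCB":
            return "TCB"             # consumed by the trusted prompt, never forwarded
        if self.focused is not None:
            self.windows[self.focused].inbox.append(tuple(chord))
        return self.focused

    def finish_prompt(self):
        """The trusted prompt is done; hand focus back to the previous app."""
        self.focused, self.trusted_prompt = self.previous_focus, None

    def render(self):
        """Compose a frame; the band is rewritten by the TCB from its own state."""
        frame = [row[:] for row in self.screen]
        for r in range(RESERVED_ROWS):
            frame[r] = [" "] * SCREEN_W
        if self.focused == "TCB":
            band = f"[TRUSTED] {self.trusted_prompt}"
        elif self.focused is None:
            band = "[TRUSTED] no application has focus"
        else:
            band = f"[TRUSTED] input goes to untrusted app: {self.focused}"
        for i, ch in enumerate(band[:SCREEN_W]):
            frame[0][i] = ch
        return "\n".join("".join(row) for row in frame)


def violates(fn, *args):
    """True if the trusted desktop refuses the request."""
    try:
        fn(*args)
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    c = Compositor()
    c.create_window("browser", 0, RESERVED_ROWS, SCREEN_W, SCREEN_H - RESERVED_ROWS)
    c.draw("browser", 0, RESERVED_ROWS, "[TRUSTED] Enter password:   <- spoof attempt")
    print(c.render())       # band still says input goes to the untrusted browser
    c.key_press(SAK)
    print(c.render())       # band now shows the TCB's own prompt
```

Running it shows the two states side by side: the browser can draw a
convincing "[TRUSTED] Enter password:" inside its own window, but the band
the TCB owns keeps saying that keystrokes go to an untrusted application, and
only after the reserved chord does the band switch to the real prompt. The
caveats in the message above are visible in the model too: the compositor is
part of the TCB, the band has very little room for explanation, and nothing
here helps if the compositor itself is compromised.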