On Thu, Sep 03, 2009 at 04:26:30PM +1200, Peter Gutmann wrote:
> Steven Bellovin <s...@cs.columbia.edu> writes:
> >This returns us to the previously-unsolved UI problem: how -- with today's
> >users, and with something more or less like today's browsers since that's
> >what today's users know -- can a spoof-proof password prompt be presented?
> Good enough to satisfy security geeks, no, because no measure you take will
> ever be good enough.  [...]

Well, if you're willing to reserve screen real estate, keyboard key
combinations, and so on, with said reserved screen space used to
indicate unambiguously the nature of other things displayed, and
reserved input combinations used to trigger trusted software paths, then
yes, you can solve that problem.  That's the premise of "trusted
desktops", at any rate.  There are caveats, like just how large the TCB
becomes (including parts of the browser), the complexity of the trusted
information to be presented to users versus the limited amount of screen
real estate available to convey it, the need to train users to
understand the concept of trusted desktops, no fullscreen apps can be
allowed, accessibility issues, it all falls apart if the TCB is
compromised, ...


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to