Anne & Lynn Wheeler wrote:
there has been some amount in the news recently about such website MITM exploits showing up (aka the additional website authentication processes aren't actually providing end-to-end authentication and integrity ... and a fraudulent website can still get in the middle ... transparently forwarding information in either direction as needed).

re: http://www.garlic.com/~lynn/2007b.html#53 Forbidding Special characters in passwords

and the other problem with this scheme is that it scales badly (besides not providing end-to-end authentication/integrity and being vulnerable to MITM attacks) ... it has effectively the same problems as shared-secret pin/passwords
http://www.garlic.com/~lynn/subintegrity.html#secrets

if this approach were to catch on ... then if you effectively have scores of unique pin/passwords for every unique security domain ... then you potentially need (to provide and remember) scores of unique images/descriptions for every website.

