On Wed, 2007-04-11 at 15:07 +0100, [EMAIL PROTECTED] wrote: > If I understand your point correctly are you referring to the fact > that a phisher could get the passphrase from the user. This would > not be possible because the passphrase would only be available to > that user and the passphrase consists of 5 or more words that are > meaningful to that user not a standard phrase that a phisher could > easily construct.
You're right. Different point though: how does the system know somebody who hasn't logged on is which user? johannes
signature.asc
Description: This is a digitally signed message part
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
