Jonathan Schleifer wrote: > Am 22.08.2008 um 22:35 schrieb Dirk Meyer: > >> Advantages SRP: >> users can select a password they can remember >> users could use the same link to exchange the password if they talk >> in a riddle an attacker may not know (name of the person I talked >> to you about yesterday that wants to buy a new TV) > > Woudln't that mean an attacker could chose the question and chose one > to which he knows the answer because it's not so secret? If an > attacker does that with both ends, he has won, because he selected the > question. Correct me if I'm wrong.
No correction, you are right. The riddle is a stupid idea. Dirk -- We live in a society where pizza gets to your house before the police.