[Security] About the Firefox 3 Security Dialog & others

Jonathan Schleifer js-xmpp-security at webkeks.org
Fri Aug 22 15:53:47 CDT 2008


Am 22.08.2008 um 22:35 schrieb Dirk Meyer:

> Advantages SRP:
>  users can select a password they can remember
>  users could use the same link to exchange the password if they talk
>    in a riddle an attacker may not know (name of the person I talked
>    to you about yesterday that wants to buy a new TV)

Woudln't that mean an attacker could chose the question and chose one  
to which he knows the answer because it's not so secret? If an  
attacker does that with both ends, he has won, because he selected the  
question. Correct me if I'm wrong. I'm more for SAS anyway :). Most  
users will chose to easy questions.

--
Jonathan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080822/dc1845f8/attachment-0001.pgp 


More information about the Security mailing list