[Security] About the Firefox 3 Security Dialog & others
Dirk Meyer
dmeyer at tzi.de
Fri Aug 22 17:20:35 CDT 2008
Jonathan Schleifer wrote:
> Am 22.08.2008 um 22:35 schrieb Dirk Meyer:
>
>> Advantages SRP:
>> users can select a password they can remember
>> users could use the same link to exchange the password if they talk
>> in a riddle an attacker may not know (name of the person I talked
>> to you about yesterday that wants to buy a new TV)
>
> Woudln't that mean an attacker could chose the question and chose one
> to which he knows the answer because it's not so secret? If an
> attacker does that with both ends, he has won, because he selected the
> question. Correct me if I'm wrong.
No correction, you are right. The riddle is a stupid idea.
Dirk
--
We live in a society where pizza gets to your house before the police.
More information about the Security
mailing list