[Security] About the Firefox 3 Security Dialog & others

Dirk Meyer dmeyer at tzi.de
Fri Aug 22 17:20:35 CDT 2008


Jonathan Schleifer wrote:
> On 22.08.2008 at 22:35, Dirk Meyer wrote:
>
>> Advantages SRP:
>>  users can select a password they can remember
>>  users could use the same link to exchange the password if they talk
>>    in a riddle an attacker may not know (name of the person I talked
>>    to you about yesterday that wants to buy a new TV)
>
> Wouldn't that mean an attacker could choose the question and choose one
> to which he knows the answer because it's not so secret? If an
> attacker does that with both ends, he has won, because he selected the
> question. Correct me if I'm wrong.

No correction, you are right. The riddle is a stupid idea.


Dirk

-- 
We live in a society where pizza gets to your house before the police.

