[Security] About the Firefox 3 Security Dialog & others

Jonathan Schleifer js-xmpp-security at webkeks.org
Sat Aug 23 03:55:04 CDT 2008


On 23.08.2008 at 00:20, Dirk Meyer wrote:

>> Wouldn't that mean an attacker could choose the question and choose one
>> to which he knows the answer because it's not so secret? If an
>> attacker does that with both ends, he has won, because he selected
>> the question. Correct me if I'm wrong.
>
> No correction, you are right. The riddle is a stupid idea.

So we should go for SAS, I think. Having a 32-bit SAS encoded with  
Mnemonics (like already suggested here) really sounds like a great  
idea. I'd even prefer that to the way it's done in ESessions now :þ.

--
Jonathan
