[security] How to prevent phishing...
gaz_sec at hushmail.com
gaz_sec at hushmail.com
Wed Apr 11 17:09:52 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When creating an account a cookie would store the passphrase.
On Wed, 11 Apr 2007 17:37:07 +0100 Johannes Berg
<johannes at sipsolutions.net> wrote:
>On Wed, 2007-04-11 at 15:07 +0100, gaz_sec at hushmail.com wrote:
>
>> If I understand your point correctly are you referring to the
>fact
>> that a phisher could get the passphrase from the user. This
>would
>> not be possible because the passphrase would only be available
>to
>> that user and the passphrase consists of 5 or more words that
>are
>> meaningful to that user not a standard phrase that a phisher
>could
>> easily construct.
>
>You're right.
>
>Different point though: how does the system know somebody who
>hasn't
>logged on is which user?
>
>johannes
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wpwEAQECAAYFAkYdFfoACgkQrR8fg3y/m1AmbgP8DolX8mRh8bef+3sL3X5kj2YXmsAi
WsBPothxRIlmiK107HnDc7MLVTxBNQ6GUswZoZwrgaKX+R2ZcCmi6DpXs+yJfO+Tu0AR
l4tR/hAbc8xdS3etzGscxRQODhoxS3R9PbsLfz/ElRoHlZFRkC6G1e1bDwt/CuOA7KFx
al5sXMM=
=zFgs
-----END PGP SIGNATURE-----
--
Click for top financial advice. Reduce debt & save for retirement
http://tagline.hushmail.com/fc/CAaCXv1QQTowNiYysg3eFqBkTOHOoful/
More information about the security
mailing list