[cap-talk] [Fwd: Re: "Secure Bookmark" terminology and Phoolproof Phishing Preventing from CMU]

Mark S. Miller markm at cs.jhu.edu
Thu Sep 7 23:44:51 CDT 2006


Hi Bryan, thanks for responding so quickly. It seems our responses crossed in 
the mail, so I'll let my response to Eric stand as the response to this as 
well. I'll expand a bit below.


Bryan Parno wrote:
>   I would have to agree with Eric's response.  The concern would be a
> phishing site that also spoofs the portion of the browser UI that displays
> the Petname.

We need to be clear about claims and threat models. If the phishing site can 
spoof this, then that problem needs to be addressed first. Until it is, 
petnames do you no good. This is outside the threat model petnames themselves 
address. It is within the threat model addressed by DSS. The two are thereby 
complementary.


>  If the phisher can guess the Petname that the user has chosen,
> then they can display it as part of the Petname spoof, and the user will not
> detect that they have visited a phishing site.  
>   A well-chosen Petname would make this attack much harder, but some people
> will probably choose poor Petnames.  Since phishing attacks scale relatively
> well, the phishers would have an incentive to attempt this attack, as even a
> low success rate could still prove lucrative.

By your criteria, I choose poor petnames all the time, and on purpose. If I 
tried to choose hard-to-guess petnames, then they'd have all the human 
memorability of passwords, which would lose the whole point.


>   I'm heading out of town for a few weeks tomorrow, so my access to email
> will be sporadic.  I look forward to continuing our discussions when I
> return.

I look forward to it.


-- 
Text by me above is hereby placed in the public domain

     Cheers,
     --MarkM
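The exchange above turns on what a petname actually binds to. The following toy petname tool is an added example, not code from the cap-talk thread or from any petname tool the thread mentions; the key bytes and the petname "bank" are constructed sample values. It shows why an easy-to-guess petname is not itself a weakness: the lookup is keyed by the site's key fingerprint, so a phishing site presenting its own key gets no petname no matter what name it guesses. The residual exposure is exactly the one the quoted message raises, a page that draws a fake petname over the browser chrome, which the lookup cannot defend against and which must be solved separately.

```python
# Added example (not from the thread): a minimal petname store keyed by
# the site's key fingerprint. Keys and names below are constructed samples.
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Stand-in for a certificate/key fingerprint (SHA-256 of the key bytes)."""
    return hashlib.sha256(public_key).hexdigest()


class PetnameTool:
    """Maps key fingerprints to user-chosen petnames; rendered in trusted chrome."""

    UNKNOWN = "(no petname: unrecognized site)"

    def __init__(self) -> None:
        self._by_fingerprint: dict[str, str] = {}

    def assign(self, public_key: bytes, petname: str) -> None:
        # The user names the *key*, not the domain or the page text.
        self._by_fingerprint[fingerprint(public_key)] = petname

    def chrome_label(self, public_key: bytes) -> str:
        """Label the browser chrome shows for a site presenting this key.

        The page has no way to influence this value; it depends only on the
        key the TLS connection authenticated. That is the petname guarantee,
        and it holds only while the chrome region itself cannot be spoofed.
        """
        return self._by_fingerprint.get(fingerprint(public_key), self.UNKNOWN)


# Constructed sample keys (no real key material).
BANK_KEY = b"constructed-bank-key"
PHISH_KEY = b"constructed-phisher-key"


def demo() -> tuple[str, str]:
    tool = PetnameTool()
    # A deliberately "poor", trivially guessable petname, as in the reply above.
    tool.assign(BANK_KEY, "bank")
    # The phisher may guess "bank" perfectly; its site still presents a
    # different key, so the chrome shows the unknown-site label instead.
    return tool.chrome_label(BANK_KEY), tool.chrome_label(PHISH_KEY)


if __name__ == "__main__":
    print(demo())
```

Guessability of the petname only matters if the phishing page can render something the user mistakes for `chrome_label`'s output; that is the chrome-spoofing problem the reply says must be addressed first, independently of how the petnames are chosen.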

