On Mon, Sep 19, 2005 at 02:54:14PM +0200, Amir Herzberg wrote:

> We now added a mechanism that
> computes a hash of every unprotected site for which the user has
> assigned name/logo. TrustBar compares this hash on subsequent accesses
> to the same site. If the site is not modified in five subsequent
> accesses, TrustBar begins displaying `Same since <date>`; and when the
> site changes, TrustBar displays a warning. This can help users notice a
> fake version of their login page. Unfortunately, this mechanism does not
> work very well on most real-life login pages, since most of them contain
> a tiny bit of frequently-changing data such as date or `random`
> identifiers (mostly to identify a cookie-less client, we think). We are
> working on improving the mechanism so it will be tolerant to such tiny
> changes, without exposing the user to malicious changes.
>
You could consider hashing just all <SCRIPT>...</SCRIPT> content, the
action URIs of all forms, and the targets of all links, ignoring
superficial content changes and changes in layout (sort the hashed items).

-- 
Victor Duchovni
IT Security, Morgan Stanley
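The hashing suggested in the reply above, sketched as an added example that is not part of the original message and is not TrustBar's code. The names `ActiveContent` and `fingerprint`, the inclusion of external script `src` URLs, and the sample pages are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

class ActiveContent(HTMLParser):
    # Hypothetical helper: keeps only script bodies, form actions and link targets.
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.items, self._script = base_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._script = []  # start buffering the inline script body
            if a.get("src"):   # assumption: external script URLs count as well
                self.items.append("script-src:" + urljoin(self.base_url, a["src"]))
        elif tag == "form":
            # A form without an action submits to the page's own URL.
            self.items.append("form:" + urljoin(self.base_url, a.get("action") or ""))
        elif tag == "a" and a.get("href"):
            self.items.append("link:" + urljoin(self.base_url, a["href"]))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script).strip()
            if body:
                self.items.append("script:" + body)
            self._script = None

def fingerprint(html, base_url):
    parser = ActiveContent(base_url)
    parser.feed(html)
    parser.close()
    digest = hashlib.sha256()
    for item in sorted(parser.items):  # sorting makes layout order irrelevant
        raw = item.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)  # length prefix: unambiguous
    return digest.hexdigest()

# Constructed sample pages: same active content, different date, counter and layout.
BASE = "https://bank.example/login"
DAY1 = ('<p>Mon 19 Sep 2005, visit 8831</p><form action="/auth"><input name="u"></form>'
        '<a href="/help">Help</a><script>check();</script>')
DAY2 = ('<div><script>check();</script><a href="/help">Help</a></div>'
        '<p>Tue 20 Sep 2005, visit 9044</p><form action="/auth"><input name="u"></form>')
FAKE = DAY1.replace('action="/auth"', 'action="https://other.example/auth"')
```

`fingerprint(DAY1, BASE)` equals `fingerprint(DAY2, BASE)`, while `FAKE` differs because its form posts elsewhere. Identifiers embedded in a script body or in a URL (a session id in a link, for instance) still change the fingerprint, so such values would need normalising before hashing.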