"Haripriya S" <[EMAIL PROTECTED]> writes:

> pwdHash can address two problems:
> a. theft of the passwords from one website and using the same at other
> websites
> b. theft of passwords for the target website by phishing
> But techniques like pwdHash cannot prevent phishing attacks where the
> phishing sites do not even validate the password from the user, but go
> on to prompt and capture long-term credentials from the user like credit
> cards etc. As Eliot pointed out, in such cases it is the server which
> needs to be authenticated in a phish-proof way.

That's one way to look at it. Another is that this is just another password and should be solved with the same approach.

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
