When creating an account a cookie would store the passphrase.

On Wed, 11 Apr 2007 17:37:07 +0100 Johannes Berg <[EMAIL PROTECTED]> wrote:
>On Wed, 2007-04-11 at 15:07 +0100, [EMAIL PROTECTED] wrote:
>
>> If I understand your point correctly are you referring to the fact
>> that a phisher could get the passphrase from the user. This would
>> not be possible because the passphrase would only be available to
>> that user and the passphrase consists of 5 or more words that are
>> meaningful to that user not a standard phrase that a phisher could
>> easily construct.
>
>You're right.
>
>Different point though: how does the system know somebody who hasn't
>logged on is which user?
>
>johannes

_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
