WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Article - A solution to phishing

From: Joseph Miller <joseph () tidetamerboatlifts com>
Date: Mon, 29 Nov 2004 08:50:59 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why not use an opt-in system where a USB device contains a person's private 
key which is used to authenticate to a website?  They device is a complete 
encryption solution so that the key is never transferred to a computer, but 
the website challenges the browser, which challenges the device, which uses 
public key encryption to reply.  Such a device could also be used to contain 
personal information such as name, address, etc. so that automatic 
form-fillers in web browsers could be more effective and useful especially 
for roaming users.

- -Joseph Miller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBqylGmXZROF+EADURAsZNAJ992In6VinjzflweTLxy4Un+VUAxwCfZOK+
9PJUGeOY01ZtOBdjlsKbU+E=
=/l+Z
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: