02-19-2016, 09:28 AM | #46 | |
The Grand Mouse 高貴的老鼠
Posts: 71,507
Karma: 306214458
Join Date: Jul 2007
Location: Norfolk, England
Device: Kindle Voyage
|
Quote:
But I'm by no means an expert. |
|
02-19-2016, 09:38 AM | #47 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
This is perhaps why modern banking websites (mine at least) don't ask you to enter your complete password, but only selected letters from it. Information intercepted in such a way would not be sufficient to allow anyone to gain access to your account.
|
Advert | |
|
02-19-2016, 11:01 AM | #48 | |
Award-Winning Participant
Posts: 7,318
Karma: 67930154
Join Date: Feb 2010
Location: NJ, USA
Device: Kindle
|
Quote:
If those few characters give you access, they could give not you access as well. I've never seen the partial pwd thing you're describing, but it essentially sounds like a variation of a session key. ie, the few characters that work THIS time would not be the same few characters that work THE NEXT TIME, right? ApK |
|
02-19-2016, 11:03 AM | #49 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
That's right. It asks you at random for, say, the 2nd, 4th, and 7th character of your password.
|
02-19-2016, 02:19 PM | #50 | |
The Grand Mouse 高貴的老鼠
Posts: 71,507
Karma: 306214458
Join Date: Jul 2007
Location: Norfolk, England
Device: Kindle Voyage
|
Quote:
Not many people understand true randomness. |
|
Advert | |
|
02-21-2016, 03:17 AM | #51 | |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Quote:
But as I understand, this is the exact threat which HTTP Strict Transport Security protects against. MITM is usually leveraged to strip the SSL and relies on the user not knowing that the website should use HTTPS. Of course, there are some attacks that strike against TLS itself. But generally those get fixed by software updates (not much else you can do really). As you say, this all depends on your computer (and the certificate authority!) not being compromised. If that happens, you've lost before you started fighting. Last edited by eschwartz; 02-21-2016 at 03:24 AM. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Seriously thoughtful Verso un Forum italiano/Toward an Italian Forum | beppe | Lounge | 262 | 01-19-2022 05:50 AM |
MobileRead forum is requesting authentication upon entering any forum | Katsunami | Feedback | 19 | 03-16-2014 02:11 AM |
WOW! The Kobo Forum is Almost Getting as Much Action as the Kindle Forum!!! | pokee | Kobo Reader | 16 | 11-13-2011 09:50 AM |
Sondaggio su apertura forum italiano/Italian forum Poll | kya | General Discussions | 27 | 11-07-2011 06:32 AM |