On 2010/10/29 01:44 PDT, Nelson B Bolyard wrote: > No, passwords simply have NO PLACE in protecting the average user from > phishing. And it doesn't matter whether the password is used to derive > a session encryption key, or just as an authentication token. The user > is just as vulnerable either way.
Illustrative case history: http://imgur.com/cNorB -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
