[133002] in cryptography@c2.net mail archive
Re: "usable security" at www.usable.com
daemon@ATHENA.MIT.EDU (Ali, Saqib)
Thu Sep 11 08:30:42 2008
Date: Thu, 11 Sep 2008 03:01:36 -0400
From: "Ali, Saqib" <docbook.xml@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <20080909095553.GH1374@apb-laptoy.apb.alt.za>
> to make it easy to login to participating web sites. However, I don't
> see any details of the protocols or algorithms.
The service looks very user-friendly and secure (i.e. if implemented properly).
It is unfortunate that being a security-aware company they don't
provide information about the protocols or algorithms. I haven't used
the service either. So I am as clueless as anyone else. But I won't
let that stop me from making some speculations ;-)
Note: The following are pure speculations and wild guesses:
The service seems to incorporate a technology similar to RSA's
Passmark to perform mutual authentication, i.e. authenticate the client
machine to the server to prevent phishing. In addition, it appears
they are also utilizing the host-proof hosting AJAX paradigm such that
your login information is never sent to Usable's cloud servers in
clear-text.
Both of these technologies are well-defined and, if implemented
properly, provide a reasonable amount of security.
BankOfAmerica utilizes RSA's Passmark for logons. Passpack utilizes
the host-proof hosting AJAX paradigm.
saqib
http://doctrina.wordpress.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
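
The host-proof hosting idea mentioned in the message above, as an added example that is not part of the original post and not Usable's or Passpack's actual protocol: the client derives a key from a master passphrase and encrypts locally, so the server only ever stores an opaque blob. The choice of scrypt and AES-256-GCM, and every function, class and sample value here, are assumptions made for illustration.

```javascript
// Added illustration of host-proof hosting; all names and values are hypothetical.
const nodeCrypto = require('crypto');

// Client side: the passphrase and the derived key never leave the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt with a fresh salt and nonce; only this blob is uploaded.
function clientSeal(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           tag: c.getAuthTag().toString('hex'), ct: ct.toString('hex') };
}

// Client side: re-derive the key and decrypt; a bad key fails the GCM tag check.
function clientOpen(passphrase, blob) {
  const key = deriveKey(passphrase, Buffer.from(blob.salt, 'hex'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'hex'));
  d.setAuthTag(Buffer.from(blob.tag, 'hex'));
  return Buffer.concat([d.update(Buffer.from(blob.ct, 'hex')), d.final()]).toString('utf8');
}

// Server side: stores and returns blobs, holds no key material.
class BlobStore {
  constructor() { this.rows = new Map(); }
  put(user, blob) { this.rows.set(user, JSON.stringify(blob)); }
  get(user) { return JSON.parse(this.rows.get(user)); }
  dump() { return [...this.rows.values()].join('\n'); } // what a server breach would expose
}

function demo() {
  const store = new BlobStore();
  // Constructed sample login record.
  const secret = JSON.stringify({ site: 'shop.example', user: 'alice', password: 'constructed-pw-123' });
  store.put('alice', clientSeal('constructed master passphrase', secret));
  const leaked = store.dump().includes('constructed-pw-123');
  const roundTrip = clientOpen('constructed master passphrase', store.get('alice')) === secret;
  let wrongRejected = false;
  try { clientOpen('wrong passphrase', store.get('alice')); } catch (e) { wrongRejected = true; }
  return { leaked, roundTrip, wrongRejected };
}
```

The model protects stored data against a server-side breach; it still depends on the server delivering honest client code, which is the "if implemented properly" caveat in the message.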