unity-design team mailing list archive

Thread
Date

Re: [Fwd: Re: Update manager] - a secure way to ask for information

To: Vincenzo Ciancia <ciancia@xxxxxxxxxxx>
From: mac_v <drkvi-a@xxxxxxxxx>
Date: Tue, 16 Jun 2009 16:05:29 +0530
Cc: ayatana@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4A376D38.2000402@di.unipi.it>
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

Vincenzo Ciancia wrote:
> 
> Do you think it is easy to design a webpage that simulates such a
> "password fraud"? I see a difficulty here due to having to dim the whole
> screen to look like the standard password request, not that an user
> would not enter it in any kind of pop-up.
> 

Actually the dimming part might not be tough! {not to get into too much
details,lest someone gets ideas} the dim can be done tirggering compiz
effects :P

But i'm not saying it is easy , but *can be done*.

> On the other hand, I have an idea for a secure way to ask for user
> input. In the installer, the user choses her own password, and the
> "secret phrase" which will be written in a root-only accessible file.
> This sentece will be shown to the user by the system when a password is
> asked and will autenticate the system with the user. The user should
> then be instructed not to enter his own password unless the right phrase
> is seen. A random phrase may be suggested automatically from a huge list.
> 
> Vincenzo
> 

+1.
WOW!  i like this idea.

Cheers,
mac_v

References

[Fwd: Re: Update manager]
From: Paulo J. S. Silva, 2009-06-16
Re: [Fwd: Re: Update manager]
From: mac_v, 2009-06-16
Re: [Fwd: Re: Update manager] - a secure way to ask for information
From: Vincenzo Ciancia, 2009-06-16