Originally posted by xfcemint
The two-passwords scheme is, as far as I can tell, as susceptible to a simple man-in-the-middle attack as just using a single password (and a case in point is the very question that you just asked, which uses a MiM attack on the scheme). It proves to the user that the part of the computer doing the logon is not compromised (at least once, since it only presents an image; after getting P0 the attacker now has P0 forever), but it does not prove or set up a secure communications channel between the user and the logon process of the computer, and this is where the attack venue lies.