Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Delayed Password Disclosure

One of the vulnerabilities of the Secure Remote Password protocol discussed previously is that in many cases the password-entry interfaces provided to end-users by SRP compatible software agents can be spoofed by fraudulent parties.[47]

Delayed Password Disclosure (DPD) technology works to overcome this key vulnerability. In DPD, user passwords are supplemented by a sequence of images specific to each user, web server, and password. At the establishment of a relationship between a user and web server, the server provides the user with a sequence of images that corresponds to their password. Then, whenever the user wishes to log-in, they enter the first character of their password into a DPD compatible software agent. The web server uses its knowledge of what image should be presented to the user to send back specific data (for example, a sequence of binary digits). The software agent on the user’s machine uses that data in combination with a previously agreed upon method of manipulating it (for example, an algorithm known only to the web server and end-user) to determine what image should be displayed to the user for the particular password character that was entered. If the correct image is displayed to the end-user, they know that in all probability they are communicating with the correct server, and so enter the next character of their password. The process of displaying an image then repeats, until all characters are entered. If at any stage an incorrect image is displayed, the user can terminate the communications session before they have disclosed any sensitive data. If the correct sequence of images is displayed, the user knows they are communicating with the server they intend to.

A fraudulent party attempting to impersonate the web server will have great difficulty in determining what sequence of images should be displayed to the end-user, because the images are never transmitted across the network and hence cannot be intercepted. Rather, the end-user’s machine simply uses data provided by the server to compute what image should be displayed to the user. Secondly, even if the fraudulent party is able to guess what image should be displayed, that does not mean they learn the user’s password. It simply means that the user will enter the next character in their password, and the fraudulent party will then have to re-guess what image should be displayed to the user. Particularly if the pool of images which displayable to the user is large, it is unlikely that the fraudulent party will be able to successfully guess the image that is to be displayed for each password character.

[47] Jakobsson G M and Myers S, Stealth Attacks and Delayed Password Disclosure, AI3, 2006, <>.