Comment TLS/SSL/PKI is just the wrong algorithm. (Score 1) 92
For logging into a secure server the correct algoritmm is Secure Remote Password (SRP).
This uses a little crypto magic to produce STRONG security from weak passwords. It is a bit like using a nounce, but it does not give a man in the middle any way to brute force guess the password.
If the user tries to log into a phished website the attempt simply fails. The phisher learns nothing. And there is no need for all the PKI certificate signing trusted third party nonsense.
It is not just dumb end users. What do you do when an SSH session says "new certificate". Check its finger print? Of course not, nobody does. With SRP this would be completely unnecessary.
It does not work for sites upon which you have no account. But for banking etc. it is the obvious way to go. But somehow the PKI mob and their expensive certificates got all the press. And no patents on SRP.
(There are a number of similar algorithms known as PAKE. But SRP is the latest and greatest incarnation.)