Message-ID: <55393.69.51.0.208.1206357400.squirrel@monkeys.highspeedweb.net>
Date: Mon, 24 Mar 2008 06:16:40 -0500 (EST)
From: "Pedro Hugo" <fractalg@...hspeedweb.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenID. The future of authentication on the web?
>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys? This vault requires a support
> system of some kind; does there need to be software on the system to
> read it? Do you trust that software?
>
And even encryption solutions have their problems, as the key recovery from
RAM paper has shown...
If we use public/private keys with SSH, why not use them with more services,
like web ones? :)
Key owners would have the responsibility to manage their keys (password
recovery procedures substituted by key procedures) and their passwords...
Of course it would take a long time to deploy and teach the general public
about it, but isn't that what security pros have been trying to do for a long
time?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/