lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Mar 2008 06:16:40 -0500 (EST)
From: "Pedro Hugo" <fractalg@...hspeedweb.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenID. The future of authentication on the
 web?

>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys? This vault requires a support
> system of some kind; does there need to be software on the system to
> read it? Do you trust that software?
>

And even encryption solution have their problems as the key recovery from
ram paper has shown...

If we use public/private keys with SSH, why not use it with more services,
like web ones ? :)
Keys owners would have the responsability to manage their keys (password
recovery procedures substituted by key procedures) and their passwords...

Of course it would take a long time to deploy and teach the general public
about it, but isn't that what security pros are trying to do for a long
time ?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists