Message-ID: <178150.56591.qm@web45105.mail.sp1.yahoo.com>
Date: Sun, 23 Mar 2008 18:17:18 -0700 (PDT)
From: Steven Rakick <stevenrakick@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenID. The future of authentication on the web?

I'm not sure why it isn't on their home page any more.
It used to be. Their FAQ is at: 

http://www.beemba.com/faq.aspx.


On Sun, Mar 23, 2008 at 8:46 PM, Paul Schmehl
<pauls@...allas.edu> wrote:
> --On March 23, 2008 8:04:41 PM -0400 Larry Seltzer
> <Larry@...ryseltzer.com> wrote:
> 
> >>> I understand the attractiveness of not having to remember lots of IDs
> > and passwords, but when you give up control of your data, you give up
> > control of your future.
> >
> > Normal people aren't going to remember enough passwords, let alone
> > strong passwords, to make that control meaningful. I do get your point,
> > but I bet that the best alternative is to give them one set of
> > credentials and make it as strong as possible.
> >
>
> I agree with your premise, Larry.  It's the solution I object to.  The
> correct solution, imo, is one that allows the user to retain control of
> their data.  The password managers in browsers are an early attempt at
> this.  Mac's File Vault is another.  The correct solution, IMO, would be
> an encrypted password vault, stored on a USB drive and only available
> through the use of a password and some other form of identification
> (biometric, etc.)
>
> In other words, a combination of something you have and something you
> know, not something someone else has and something you know.  If I'm
> carrying my passwords in encrypted form in a device I possess, I have
> complete control of who gets granted access to my data, and the compromise
> of any one vendor site that I visit will, at the worst, compromise the
> data I granted them access to.
> 
> Paul Schmehl (pauls@...allas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
> 
> _______________________________________________
>
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

