On 10/6/2015 5:12 PM, Edward Ned Harvey (blu) wrote:
I have no idea what RP was talking about, or if there was a point at all, but Anthony, you're right. I know in CBCrypt, there is no basket with all the eggs.
Yes, there is. The authenticating server has a piece of information for each user which can be used to uniquely identify that user. Encrypting these unique pieces of information, these eggs, does not prevent me from cracking them open. It slows me down but it won't keep me out.
The point is that this paradigm is broken, backwards. It's /etc/passwd in fancy dress. Users and clients should not be authenticating themselves to servers and services. Servers and services should be authenticating themselves to the users and clients which use them.
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
