On 4/23/20 7:35 PM, Matt Palmer wrote:
On Thu, Apr 23, 2020 at 06:31:04PM -0700, Michael Thomas wrote:
Passwords over the wire are the *key* problem of computer security. Nothing
else even comes close.
Hmm, a bold claim, but I'm confident the author will have strong support for
their position.
One only needs to look at the LinkedIn salting problem
That was a stored password problem, not a passwords-over-the-wire problem,
but OK. I'm sure we'll be back on track shortly.
You can't have a stored password problem if you never see them.
While I do think webauthn is a neat idea, and solves at least one very real
problem (credential theft via phishing), you do an absolutely terrible job
of making that case.
see RFC 4876, it is not about phishing. not even a little bit. Never has
been. Please get a clue.
Mike
