[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Adam Back
You know this is why you should use ssh-keys and disable password authentication. First thing I do when someone gives me an ssh account. ssh-keys is the EKE(*) equivalent for ssh. EKE for web login is decades overdue and if implemented and deployed properly in the browser and server could

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Peter Gutmann
Adam Back a...@cypherspace.org writes: EKE for web login is decades overdue and if implemented and deployed properly in the browser and server could pretty much wipe out phishing attacks on passwords. We have source code for apache, mozilla, maybe could persuade google; and perhaps microsoft and

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Ralph Holz
Hi, On 07/13/2011 01:34 PM, Ian G wrote: Is there any reason why the ssh client-side can't generate the key, take the password from the user, login and install the key, all in one operation? Hm, I think there's actually a tool to do just that, although I don't remember the name. You'd

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread James A. Donald
On 2011-07-13 9:10 PM, Peter Gutmann wrote: As for Microsoft, Opera, etc who knows? (If you work on, or have worked on, any of these browsers, I'd like to hear more about why it hasn't been considered). I think it'll be a combination of two factors: 1. Everyone knows that passwords are

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Jeffrey Walton
On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald jam...@echeque.com wrote: On 2011-07-13 9:10 PM, Peter Gutmann wrote: As for Microsoft, Opera, etc who knows? (If you work on, or have worked on, any of these browsers, I'd like to hear more about why it hasn't been considered). I think

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Marsh Ray
On 07/13/2011 01:33 PM, Jeffrey Walton wrote: I believe Mozilla is [in]directly supported by Google. Mozilla has made so much money, they nearly lost their tax exempt status: http://tech.slashdot.org/story/08/11/20/1327240/IRS-Looking-at-GoogleMozilla-Relationship. Mozilla has a lot of cash

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Ian G
On 14/07/11 4:33 AM, Jeffrey Walton wrote: On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald jam...@echeque.com wrote: On 2011-07-13 9:10 PM, Peter Gutmann wrote: As for Microsoft, Microsoft have a big interest in bypassing the status quo, and they've tried several times. But each time it

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Brian Smith
Ian G wrote: Well, not financially, more like the policy side is impacted by the CAs, which are coordinated in a confidential industry body called CABForum. This body communicates internally to Mozilla (being a member) and via private comment by CAs to the CA desk. AFAIK, the CABForum has a

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Peter Gutmann
Ian G i...@iang.org writes: Microsoft have a big interest in bypassing the status quo, and they've tried several times. But each time it isn't for the benefit of the users, more for their own benefit, in that they've tried to rebuild the security infrastructure with themselves in control.

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread James A. Donald
Ian G wrote: The chances of them approving or agreeing to EKE are next to nil. The problem with Mozilla security coding is more this: most (all?) of the programmers who work in that area are all employees of the big software providers. And they all have a vested interest in working for the