wisdom
will fix things, given how thoroughly it has NOT fixed things over decades now,
sounds like
subscribing to a 19th century snake-oil salesman to treat a modern epidemic.
Maybe some of the above might suggest some other ways...
Glenn Everhart
On 02/20/2013 09:34 AM, Gary McGraw wrote:
hi sc-l
Let me suggest something a little differently:
Perhaps when speaking of web app security, an already enormous area, it is
not so useful to enlarge it still more, but fools rush in.
One way to look at web code (and many other kinds) is that we are sending
strings to an interpreter and it does
cert was
being used in cleartext.
This is another demo of the difficulty of building any kind of software
token that can be connected to uncontrolled environments and which can
keep secrets. It may resist OFFLINE attack, but that is not the primary
attack threat today for such a beast.
Glenn
Some authentication ideas I have come up with may bear mention
given all the attention problems of authenticating folks remotely
have been getting.
Let us suppose to introduce the ideas that we have some token we give
folks such that it displays a number sequence (that may vary with time
or