> From: Paul Graydon [mailto:p...@paulgraydon.co.uk] > > I'll happily confess that cryptography is a field I haven't spent much time > looking at, and I might also be misinterpreting what you're saying, but it > seems odd to be generating a keypair based one two pieces of publicly > identifiable information, and a password, the latter of which have a tendency > to be insecure. > For example, if we're talking about twitter's main account you know that it's > "twitter.com","twitter" and.. say.. "foo bar". In which case why bother with > the first two, everyone knows what they are?
The reason to include the servername as an input factor is to ensure the generated keypair will be different on different sites, even if you have the same username & password. _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
