With all this Heartbleed stuff going around ... And major service providers declaring to all internet users, "Change all your passwords everywhere," it suddenly seems like a good idea to use something like CBCrypt, huh. Because if attackers attack a server and discover your password, you have to change your password. But if they attack the server and discover your public key on that server, no big deal.
Still, if they got the private key of the server, then the server admins need to change their cert, but the whole point of using asymmetric key authentication for users is to protect the user credentials.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/