AP> I am all for increased security but I'm having a hard time finding the
AP> value in this. It could mitigate password re-use, a password
AP> compromised in one place used to exploit an account in another place,
AP> but using service-specific passwords already does that.
The last time CBcrypt came up, my takeaway was that it gives you
public-key encryption with ephemeral private keys, i.e. you can get all
the advantages of not sending any reusable credentials to the server,
without the hassle of having to generate and store a private key somewhere.
-Josh (iril...@infersys.com)
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
