[cryptography] phishing/password end-game (Re: Why anon-DH ...)
James A. Donald
jamesd at echeque.com
Wed Jan 16 20:41:18 EST 2013

On 2013-01-17 11:38 AM, James A. Donald wrote:
> The end game is passwords with SRP. Even if you are using client-side
> certificates, you have to be able to get your PC client-side
> certificates onto your smartphone, which requires that you sign on to
> your PC using a password.

To clarify: I think everyone and everything should be identified by
their public key, but the corresponding non-human-memorable secret key
has to be stored somewhere, and I propose that you sign on to that
somewhere using a password and SRP.