[cryptography] phishing/password end-game (Re: Why anon-DH ...)

James A. Donald jamesd at echeque.com
Wed Jan 16 20:41:18 EST 2013

On 2013-01-17 11:38 AM, James A. Donald wrote:
> The end game is passwords with SRP.  Even if you are using client side
> certificates, you have to be able to get your PC client side 
> certificates onto your smartphone, which requires that you sign on to 
> your PC using a password.

To clarify: I think everyone and everything should be identified by
their public key, but the corresponding non-human-memorable secret key
has to be stored somewhere, and I propose that you sign on to that
somewhere using a password and SRP.
