[cryptography] phishing/password end-game (Re: Why anon-DH ...)

James A. Donald jamesd at echeque.com
Sat Jan 19 02:45:33 EST 2013

On 2013-01-19 2:14 AM, ianG wrote:
> Also, the confounded users tend to lose their phones or have them 
> stolen.  And then they demand their 'identities' back, as if nothing 
> has happened.  So the keys need to be agile, in some sense.  Which 
> pushes us away from the phone, to cloud, or a variant, and then we're 
> back to the same old remote password problem.

Keys typically and commonly in the cloud, access them by SRP.

More information about the cryptography mailing list