[cryptography] phishing/password end-game (Re: Why anon-DH ...)
ben at links.org
Sat Jan 19 14:01:27 EST 2013
On 19 January 2013 07:45, James A. Donald <jamesd at echeque.com> wrote:
> On 2013-01-19 2:14 AM, ianG wrote:
>> Also, the confounded users tend to lose their phones or have them stolen.
>> And then they demand their 'identities' back, as if nothing has happened.
>> So the keys need to be agile, in some sense. Which pushes us away from the
>> phone, to cloud, or a variant, and then we're back to the same old remote
>> password problem.
> Keys typically and commonly in the cloud, access them by SRP.
Time to mention Nigori again, which is essentially this, minus the FUD
More information about the cryptography