nanog mailing list archives
Re: LinkedIn password database compromised
From: "Luke S. Crawford" <lsc () prgmr com>
Date: Fri, 8 Jun 2012 19:22:15 -0400
On Wed, Jun 06, 2012 at 07:43:42PM -0700, Aaron C. de Bruyn wrote:
Why haven't we taken this out of the hands of website operators yet? Why can't I use my ssh-agent to sign in to a website just like I do for about hundred servers, workstations, and my PCs at home? One local password used everywhere that can't be compromised through website stupidity...
This is the way to go. The problem here is that x.509 is the only similar thing for browsers, and x509 requires a ca, which makes the whole process a whole lot more complext than the 'just give me the public half of the key you want to use to authenticate to this service' I mean, unless everyone trusts the same (few) CAs, which has a different set of problems. I haven't found any way that is as simple and as portable as using ssh that works in a web browser. I'm considering re-writing my billing application to be libcurses based or something, and letting users access that through ssh, too. (It would be silly, but it might work for me; it goes along with my schtick.) This would be somewhat suboptimal for things like bandwidth graphs, but eh. but yeah, if someone wants to pass the hat to get an apache module and a firefox addon written to do public key authentication over http using ssh keys, I'd put a couple hundred bucks in the hat.
Current thread:
- Re: LinkedIn password database compromised, (continued)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 07)
- Re: LinkedIn password database compromised -Hammer- (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised -Hammer- (Jun 07)
- Re: LinkedIn password database compromised Matthew Kaufman (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised David Walker (Jun 07)
- Re: LinkedIn password database compromised Owen DeLong (Jun 07)
- Re: LinkedIn password database compromised Jimmy Hess (Jun 08)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 08)
- Re: LinkedIn password database compromised Luke S. Crawford (Jun 08)
- Re: LinkedIn password database compromised Phil Pishioneri (Jun 13)
- Re: LinkedIn password database compromised Grant Ridder (Jun 13)
- Re: LinkedIn password database compromised AP NANOG (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)
- RE: LinkedIn password database compromised Leo Vegoda (Jun 20)
- Re: LinkedIn password database compromised Pedro (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)
- Re: LinkedIn password database compromised Elmar K. Bins (Jun 20)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)