Full Disclosure mailing list archives
Re: OpenID. The future of authentication on the web?
From: "Pedro Hugo" <fractalg () highspeedweb net>
Date: Mon, 24 Mar 2008 06:16:40 -0500 (EST)
The correct solution, IMO, would be an encrypted password vault, stored on a USB drive and only available through the use of a password and some other form of identification (biometric, etc.)

What about kiosks and other situations where it wouldn't be secure to allow arbitrary people to insert USB keys? This vault requires a support system of some kind; does there need to be software on the system to read it? Do you trust that software?
And even encryption solutions have their problems, as the key recovery from RAM paper has shown... If we use public/private keys with SSH, why not use them with more services, like web ones? :) Key owners would have the responsibility to manage their keys (password recovery procedures substituted by key procedures) and their passwords... Of course it would take a long time to deploy and teach the general public about it, but isn't that what security pros have been trying to do for a long time?