[Cryptography] Toxic Combination

Lodewijk andré de la porte l at odewijk.nl
Mon Dec 1 10:25:02 EST 2014


The obvious solution is a single-sign-on per browser, where the browser
manages individual websites' IDs. Then the browser can use the (wide!)
selection of undisproven cryptography to make the rest happen (handshake
the server, send a derivative of the password, derive off of private
information a PFS ID that can still carry reputation, whatever).
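
One way the per-site IDs and password derivative described in the message above could be derived, as an added example that is not part of the original post. The names `BrowserIdentityStore`, `hkdf_sha256` and `server_verify`, the choice of HKDF and HMAC with SHA-256, and the sample origins are all assumptions; the forward-secret ID the message mentions is not attempted here.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(key: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class BrowserIdentityStore:
    """Hypothetical browser-side store: one master secret, one identity per origin."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def site_id(self, origin: str) -> str:
        # Stable pseudonym for one origin; two origins cannot link their IDs.
        return hkdf_sha256(self._master, b"site-id|" + origin.encode()).hex()

    def site_key(self, origin: str) -> bytes:
        # Per-origin authentication key, enrolled with that site once.
        return hkdf_sha256(self._master, b"site-key|" + origin.encode())

    def respond(self, origin: str, challenge: bytes) -> bytes:
        # Prove possession of the per-origin key without sending it.
        return hmac.new(self.site_key(origin), challenge, hashlib.sha256).digest()


def server_verify(enrolled_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: constant-time check of the response to its own challenge."""
    expected = hmac.new(enrolled_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    store = BrowserIdentityStore(secrets.token_bytes(32))
    shop, lookalike = "https://shop.example", "https://sh0p.example"  # constructed
    enrolled = store.site_key(shop)       # what the real site stored at sign-up
    challenge = secrets.token_bytes(16)   # fresh per login attempt
    print("real origin:", server_verify(enrolled, challenge, store.respond(shop, challenge)))
    print("lookalike:  ", server_verify(enrolled, challenge, store.respond(lookalike, challenge)))
```

Because the key is bound to the origin string, a response produced for a lookalike origin does not verify at the real site, and a leaked per-site key exposes neither the master secret nor any other site's key.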