[Cryptography] Toxic Combination

Tony Arcieri bascule at gmail.com
Sun Dec 7 03:37:19 EST 2014


On Sat, Dec 6, 2014 at 7:14 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> I just want to see the current browser strategy of "hand over the password
> in plaintext to whoever asks for it" replaced with "perform password-based
> mutual challenge/response auth",


Why not get rid of the password part while we're at it? Passwords suck

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141207/e227faaf/attachment.html>


More information about the cryptography mailing list