[Cryptography] client certificates ... as opposed to password hashing
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue May 27 19:47:01 EDT 2014

Joe St Sauver <joe at oregon.uoregon.edu> writes:

>Or, for that matter, a determined individual can just do it the "hard way,"
>as described in
>http://pages.uoregon.edu/joe/secprof2012/sec-prof-2012-client-certs.pdf

That's 192 pages of very dense slides, I'd see it as more of an argument
against using client certs than anything else. Compare that to this article:

http://www.linuxvoice.com/be-a-kernel-hacker/

which runs to about a dozen pages when printed, which tells you how to write
your own Linux kernel module. That's less than one-tenth the size, and it's a
guide on writing not some basic hello world program but a kernel module.

So I think the lesson from that would be "if it takes 192 pages of text to
explain how to do X then you probably shouldn't be doing X".

Peter.