[Cryptography] Toxic Combination

Tony Arcieri tony.arcieri at gmail.com
Sun Nov 30 18:42:23 EST 2014

On Sun, Nov 30, 2014 at 2:58 PM, Alfie John <alfiej at fastmail.fm> wrote:

> I think a better solution would be something like implementing Digest
> Authentication (RFC 2069, but replacing MD5 with something like AES-256
> and allow it to be upgradable) in the browser. The password field value
> would then be replaced with the value from the DA call and no secrets
> would be leaked. This solution would get way faster adoption.

There's also the FIDO Alliance's Universal Authentication Factor:


Tony Arcieri