[Cryptography] Toxic Combination
tony.arcieri at gmail.com
Sun Nov 30 18:42:23 EST 2014
On Sun, Nov 30, 2014 at 2:58 PM, Alfie John <alfiej at fastmail.fm> wrote:
> I think a better solution would be something like implementing Digest
> Authentication (RFC 2069, but replacing MD5 with something like AES-256
> and allow it to be upgradable) in the browser. The password field value
> would then be replaced with the value from the DA call and no secrets
> would be leaked. This solution would get way faster adoption.
There's also the FIDO Alliance's Universal Authentication Factor: