[Cryptography] password fatigue; was: Lastpass
Ray Dillinger
bear at sonic.net
Wed Jun 17 14:56:53 EDT 2015

On 06/17/2015 06:32 AM, Thierry Moreau wrote:
> Hi!
>
> Thanks for this well-written review of a central issue.
>
> On 06/17/15 02:37, John Denker wrote:
>>
>> 3c) The only way I can see to solve the password fatigue
>> problem is to get web services to stop asking for a
>> per-site password and instead use some sort of zero-
>> knowledge authentication. Schemes for doing this have
>> been known for a long time.
>> https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
>
> I must admit I never studied the SRP protocol details. I looked at it
> from time to time, however.

SRP is a way for phishers to leverage a single password retrieved
from you by whatever means, into access to pretty much every site
you go to. That's all you really need to know.

Bear