[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?
Theodore Ts'o
tytso at mit.edu
Fri Feb 10 15:31:35 EST 2017
On Sat, Feb 11, 2017 at 04:33:55AM +1000, James A. Donald wrote:
> > .... why are we wasting time discussing his solution (other than he's
> > acting like an obnoxious boor?)
>
> We are talking hypothetical vaporware that costs money and uses a usb slot,
> and cannot work with cellphones for shortage of usb slots, versus
> hypothetical vaporware that could be standard software on every system.
>
Actually, there are U2F security keys which are Bluethooth Low Energy
enabled, as well as U2F keys that support NFC, both of which can work
with Android phones. Both of which are available today on Amazon.
I'm less sure about iOS support, since I don't track this area super
closely. I'm a user of this technology, not a developer.
The BLE U2F devices do require charging every few months, but despite
that, in my experience they are far more convenient than the NFC
variants, since you don't need to carefully place the key at the right
place at the back of the phone; you just have to push a button
instead.
So this is not vaporware, in that there *are* multiple sites/services
which are using U2F. Maybe not the one you are interested in, but see
also "there exists open source code". That's not far *less* vaporware
than Joseph Kilcullen's proposed solution, for which as far as I know
there is *no* deployed code or sites/services using it. And who knows
what the patent licensing fees will be....
- Ted
More information about the cryptography
mailing list