[Cryptography] So please tell me. Why is my solution wrong?

L Jean Camp ljcamp at indiana.edu
Wed Feb 15 12:29:04 EST 2017


James, I use this every day for gmail and for my IU accounts. Here is proof
of existence.  I will put up our draft tech report of a usability study
later today.

https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/?gclid=CjwKEAiAlZDFBRCKncm67qihiHwSJABtoNIgKc2Vj5RTXVm2Jop7NzzDCZ1DhlLz81kQJPfYDcXhGxoCT_Hw_wcB

And, fyi, Sec Clinton's server was apparently the only one that was not
hacked. DNC was. State was. NSA/Snowden.

"James A. Donald" <jamesd at echeque.com>
To: Theodore Ts'o <tytso at mit.edu>
Cc: cryptography at metzdowd.com
Subject: Re: [Cryptography] [FORGED] Re: So please tell me. Why is my
        solution wrong?
Message-ID: <5d071fe0-7b8a-5913-92e1-55841aa6496c at echeque.com>
Content-Type: text/plain; charset=utf-8; format=flowed

On 2/11/2017 6:31 AM, Theodore Ts'o wrote:
> So this is not vaporware, in that there *are* multiple sites/services
> which are using U2F.

True, but neither I, nor secretary of State Hillary Clinton, would have
been happy with those sites and services.

Further, because id dongles are proprietary and costs money, can never
become a universal standard - and we only get real security if secure
stuff becomes a universal standard the way regular email is standard now.

Right now, banks are pushing people to use security devices, and the
device generates a use once password, and they make you type in the use
once password every time you authorize a transaction. It is a pain in
the ass.   Having dongles where you just press a button would be much
better, so don't tell me that they are available right now.   If they
were available right now I would use them, the banks would use them, and
Secretary of State Hillary Clinton would have used them.





Prof. L. Jean Camp
http://www.ljean.com

Human-Centered Security
http://usablesecurity.net/

Make a Difference
http://www.ieeeusa.org/policy/govfel/congfel.asp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170215/d3113d39/attachment.html>


More information about the cryptography mailing list