[Cryptography] Security weakness in iCloud keychain
Jon Callas
jon at callas.org
Wed May 9 00:47:37 EDT 2018
> On May 8, 2018, at 6:28 PM, William Allen Simpson <william.allen.simpson at gmail.com> wrote:
>
> On 5/8/18 2:04 AM, Jon Callas wrote:
>> [...] If this manager could go out and change the password for you automagically as well, then as the life of any given random password approaches a single login, then that simple password system approaches the security of that type of two-factor, while gaining the benefit that a stolen database of shared secrets has ever-decaying usefulness, which lowers the incentive to hack that database in the first place. Single factor with automated change is arguably better than two-factor.
> Here we are almost 25 years later back at Photuris....
Yup. And now the patents have all expired.
Jon
More information about the cryptography
mailing list