[Full-disclosure] OpenID. The future of authentication on the web?
fractalg at highspeedweb.net
Mon Mar 24 11:16:40 GMT 2008
>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys? This vault requires a support
> system of some kind; does there need to be software on the system to
> read it? Do you trust that software?
And even encryption solution have their problems as the key recovery from
ram paper has shown...
If we use public/private keys with SSH, why not use it with more services,
like web ones ? :)
Keys owners would have the responsability to manage their keys (password
recovery procedures substituted by key procedures) and their passwords...
Of course it would take a long time to deploy and teach the general public
about it, but isn't that what security pros are trying to do for a long
Full-Disclosure is hosted and sponsored by Secunia.