LinkedIn password database compromised

Visgean Skeloru visgean at gmail.com
Fri Jun 22 14:02:33 PDT 2012


About six months ago I had a previous idea and I have found the following:
https://www.gnu.org/software/gnutls/
http://enigform.mozdev.org/
https://github.com/firegpg/firegpg/tree/master/content/GpgAuth
http://gpgauth.org/
but none of them seems to be user friendly...

2012/6/20 Eugen Leitl <eugen at leitl.org>

> ----- Forwarded message from Leo Bicknell <bicknell at ufp.org> -----
>
> From: Leo Bicknell <bicknell at ufp.org>
> Date: Wed, 20 Jun 2012 12:43:44 -0700
> To: nanog at nanog.org
> Subject: Re: LinkedIn password database compromised
> Organization: United Federation of Planets
>
> In a message written on Wed, Jun 20, 2012 at 03:30:58PM -0400, AP NANOG
> wrote:
> > So the question falls back on how can we make things better?
>
> Dump passwords.
>
> The tech community went through this back in oh, 1990-1993 when
> folks were sniffing passwords with tcpdump and sysadmins were using
> Telnet.  SSH was developed, and the problem was effectively solved.
>
> If you want to give me access to your box, I send you my public
> key.  In the clear.  It doesn't matter if the hacker has it or not.
> When I want to log in I authenticate with my private key, and I'm
> in.
>
> The leaks stop immediately.  There's almost no value in a database of
> public keys, heck if you want one go download a PGP keyring now.  I can
> use the same "password" (key) for every web site on the planet, web
> sites no longer need to enforce dumb rules (one letter, one number, one
> character your fingers can't type easily, minimum 273 characters).
>
> SSL certificates could be used this way today.
>
> SSH keys could be used this way today.
>
> PGP keys could be used this way today.
>
> What's missing?  A pretty UI for the users.  Apple, Mozilla, W3C,
> Microsoft IE developers and so on need to get their butts in gear
> and make a pretty UI to create personal key material, send the
> public key as part of a sign up form, import a key, and so on.
>
> There is no way to make passwords "secure".  We've spent 20 years
> trying, simply to fail in more spectacular ways each time.  Death to
> traditional passwords, they have no place in a modern world.
>
> --
>       Leo Bicknell - bicknell at ufp.org - CCIE 3440
>        PGP keys at http://www.ufp.org/~bicknell/
>
>
>
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>



-- 
GPG pub key<http://keyserver.pgp.com/vkd/SubmitSearch.event?SearchCriteria=visgean%40gmail.com>
 | github/visgean <http://github.com/Visgean> | jabber <visgean at jabber.cz>
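
The public-key login described in the forwarded message, sketched as an added example (not code from the thread or from any of the projects linked in it): a Go server that keeps only public keys and authenticates a user by having them sign a one-time nonce. Ed25519, the type and method names, and the user "alice" are assumptions chosen for illustration; the sketch is single-threaded.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server stores public keys only (added example; all names hypothetical).
type Server struct {
	keys    map[string]ed25519.PublicKey // user -> key sent at sign-up
	pending map[string][]byte            // user -> unanswered one-time nonce
}

func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Register is the sign-up step; the public key can travel in the clear.
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.keys[user] = pub }

// Challenge hands a registered user a fresh random nonce to sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.keys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Login consumes the nonce before verifying, so each signature works once.
func (s *Server) Login(user string, sig []byte) bool {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	key := s.keys[user]
	return ok && len(key) == ed25519.PublicKeySize && ed25519.Verify(key, nonce, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	srv := NewServer()
	srv.Register("alice", pub)
	nonce, _ := srv.Challenge("alice")
	fmt.Println("login ok:", srv.Login("alice", ed25519.Sign(priv, nonce)))
}
```

Because the thread proposes one key for every site, a deployment would also put the site's own name into the signed message, so that a signature produced for one site cannot be relayed to another.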





More information about the cypherpunks-legacy mailing list