[Cryptography] Toxic Combination

Tony Arcieri tony.arcieri at gmail.com
Sun Nov 30 15:42:23 PST 2014


On Sun, Nov 30, 2014 at 2:58 PM, Alfie John <alfiej at fastmail.fm> wrote:

> I think a better solution would be something like implementing Digest
> Authentication (RFC 2069, but replacing MD5 with something like AES-256
> and allow it to be upgradable) in the browser. The password field value
> would then be replaced with the value from the DA call and no secrets
> would be leaked. This solution would get way faster adoption.


There's also the FIDO Alliance's Universal Authentication Factor:

http://fidoalliance.org/specs/fido-uaf-overview-v1.0-rd-20140209.pdf

-- 
Tony Arcieri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1305 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20141130/c26c817b/attachment-0001.txt>


More information about the cypherpunks mailing list