With all this heartbleed stuff going around ... And major service providers
declaring to all internet users, "Change all your passwords everywhere," it
suddenly seems like a good idea to use something like CBCrypt, huh. Because
if attackers attack a server and discover your password, you have
> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of Luke S. Crawford
>
> what is the advantage of your scheme over traditional public key auth?
> (e.g. openssh public keys)
If you generate an ssh key, you have to keep it with you. If you lose it, you
cannot
what is the advantage of your scheme over traditional public key auth?
(e.g. openssh public keys)
On 03/24/2014 07:10 PM, Edward Ned Harvey (lopser) wrote:
If you login to servers that utilize bcrypt, scrypt, pbkdf2, etc, to
salt & stretch your password for storage in a backend database, then
