> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of Luke S. Crawford
>
> what is the advantage of your scheme over traditional public key auth?
> (e.g. openssh public keys)

If you generate an ssh key, you have to keep it with you. If you lose it, you cannot authenticate. This is fine in some cases, for some things, particularly where the user is expected to be technical or performing a job or something. Fundamentally, that's the reason why websites and servers now often authenticate using a password instead of expecting users to have ssh keys. The downside of using password authentication is that users need to send their password to the server.

What CBcrypt does is to deterministically and repeatably create the same keypair every time you authenticate using the same password at the same site with the same username. This is *not* as secure as using password-protected ssh key authentication, but it's a big improvement for servers that otherwise require users to send a password. And there are a LOT of servers out there that require users to send in their passwords.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/