
While technically correct, a private key will usually need to be encrypted to provide adequate security.

From the user point of view, they will still need to remember the password to unlock this private key.



Further to this point, the shared item is moved to a public key and the infrastructure to facilitate communication. Such that it is not a panacea. Getting away from trust in the system is...

Likely you will envision a system to register your key. And then you have to have a bootstrap to authenticate to this system. Probably a password.


Right, if it’s not a panacea then we should definitely not pursue it.


Not my point. Just not clear that the alternatives actually are better. Again, I use hardware tokens. Not seeing my family join me on that anytime soon.

List of problems with every approach always falls back to, "what happens if you lose it?"

And the resolution to that is always outside of the technical chain.


But from a security point of view this is a massive improvement! That password is never shared with anyone else. Someone has to first get ahold of your private key before they can start brute forcing that password in order to steal credentials. This is not a trivial thing! Plus users only need that one password, not a unique one for every website/app.



