[Discuss] 19,000 person company passwords stolen via HTTPS
Rich Pieri
richard.pieri at gmail.com
Tue Oct 6 20:39:04 EDT 2015
On 10/6/2015 8:01 PM, Dr. Anthony Gabrielson wrote:
> PGP is not a monolithic data store although it can interface with
> one. DoD encryption boxes are not monolithic. It all depends on the
> model and how trust is defined and established.

/etc/passwd is. So is every web service authentication system that I've
ever seen in production.

> What are your requirements and why?

Reliable, verifiable authentication that scales globally without any
party having more than one set of credentials in their possession.

Because the only way to guarantee that 19,000 company (or 37 million
Ashley Madison) passwords/hashes/ciphers/whatever can't be stolen in a
massive breach is not to have 19,000 company (or 37 million Ashley
Madison) passwords/hashes/ciphers/whatever in one place.

--
Rich P.