Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] Steve Gibson's SQRL



Edward Ned Harvey wrote:
> SQRL is something you have - it's yet another key manager...

It's not quite so black-and-white. The master key is encrypted with a
pass phrase, so that's something you know.

I believe the master key isn't directly derived from the pass phrase, so
you still need to "have" the key in some way.


> I am in favor of 2-factor authentication, involving something you
> know, *and* something you have.

The decryption of the master key could involve a 2nd (3rd?) factor.


> cbcrypt.org...takes hostid, username, and password, and converts them
> into an asymmetric keypair. Only the public key gets exposed to the
> server, so the server is able to confirm that *you* know your secret,
> without the server actually knowing your secret.

SQRL uses an identical mechanism, but uses different source material for
the site-specific key.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
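
The per-site keypair mechanism discussed in this message, as an added example that is not part of the original post or of either project's code. It assumes HMAC-SHA256 for the derivation and Ed25519 for signing, which the thread does not specify; all function names and sample values are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// deriveSiteKey maps (secret, context) to a deterministic Ed25519 keypair.
// Assumed construction: HMAC-SHA256(secret, context) is the 32-byte seed.
func deriveSiteKey(secret []byte, context string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(context))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// masterKeyStyle: source material is a stored master key plus the site's domain.
func masterKeyStyle(masterKey []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	return deriveSiteKey(masterKey, domain)
}

// passwordStyle: source material is hostid, username and password.
// Simplified: a deployed scheme would stretch the password with a slow KDF first.
func passwordStyle(hostid, username, password string) (ed25519.PublicKey, ed25519.PrivateKey) {
	return deriveSiteKey([]byte(password), hostid+"\x00"+username)
}

// signChallenge runs on the client; the private key never leaves it.
func signChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// verifyLogin runs on the server, which stores only the public key.
func verifyLogin(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	mk := sha256.Sum256([]byte("constructed demo master key")) // sample value
	pubA, privA := masterKeyStyle(mk[:], "a.example")
	pubB, _ := masterKeyStyle(mk[:], "b.example")
	challenge := []byte("constructed-server-nonce-1")
	sig := signChallenge(privA, challenge)
	fmt.Printf("a.example pub %x\nb.example pub %x\n", pubA, pubB)
	fmt.Println("site A accepts:", verifyLogin(pubA, challenge, sig))
	fmt.Println("site B accepts:", verifyLogin(pubB, challenge, sig))
}
```

Both styles give each site a different public key from the same user secret, so a key stored by one server neither verifies logins at another nor links the two accounts.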



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org