
Re: [Full-disclosure] OpenID. The future of authentication on the web?



>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people to insert USB keys? This vault requires a support
> system of some kind; does there need to be software on the system to
> read it? Do you trust that software?
>

And even encryption solutions have their problems, as the key recovery from
RAM paper has shown...

If we use public/private keys with SSH, why not use them with more services,
like web ones? :)
Key owners would have the responsibility to manage their keys (password
recovery procedures substituted by key procedures) and their passwords...

Of course it would take a long time to deploy and teach the general public
about it, but isn't that what security pros have been trying to do for a long
time?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/