Reply to post: A better solution based on public/private keys is needed

Security! experts! slam! Yahoo! management! for! using! old! crypto!

Anonymous Coward

A better solution based on public/private keys is needed

It is time to end this password mess!

When the open standard SQRL ("Secure Quick Reliable Login") becomes available, this problem can end once and (hopefully) forever (at least until quantum computing becomes a problem for Curve25519 technology).

Especially if the person uses a dedicated device just for that, some kind of hardware security module device (so that malware can't crawl in, in some wholesale fashion) but with a screen, camera and some kind of network connectivity to perform the login (Wi-Fi, RJ45, 3G, 4G, 5G...).

What is this SQRL? It is an open standard that uses a Curve25519 key pair; the web server receives the public key part that is exclusive to that web site/account, and the user just has one private key that can be used on all web sites/accounts (that support the SQRL system). The user receives something and signs it with their own private key; the web site receives it and compares it to the database to find the public key, and if it finds it the user is logged in. If someone steals the private key, there are ways in the protocol itself to recover from that too.

SQRL doesn't depend on third parties, just as username & password also don't, unless the web server is outsourcing that to Google or Facebook, for example.
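
The challenge-response login the comment above describes, as an added example that is not part of the original post and is not SQRL's reference code or wire format. It is a simplified sketch using Ed25519 from Go's standard library, with the site-exclusive key derived from one master secret by HMAC over the domain; the names `respond`, `Server`, `Register`, `Challenge` and `Login` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// respond is the client side. The per-site key comes from one master secret:
// seed = HMAC-SHA256(master, domain). It returns the site public key and signature.
func respond(master []byte, domain string, c []byte) (ed25519.PublicKey, []byte) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, c)
}

// Server (hypothetical) stores public keys and unused challenges, never a secret.
type Server struct{ users, pending map[string]bool }

func NewServer() *Server { return &Server{map[string]bool{}, map[string]bool{}} }

func (s *Server) Register(pub ed25519.PublicKey) { s.users[string(pub)] = true }

// Challenge issues a fresh random value for the client to sign.
func (s *Server) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.pending[string(c)] = true
	return c
}

// Login accepts a registered key's signature over an unused challenge, once.
func (s *Server) Login(pub ed25519.PublicKey, c, sig []byte) bool {
	fresh := s.pending[string(c)]
	delete(s.pending, string(c)) // single use: a replayed response fails
	return fresh && s.users[string(pub)] && ed25519.Verify(pub, c, sig)
}

func main() {
	srv, master := NewServer(), make([]byte, 32) // constructed all-zero sample secret
	c := srv.Challenge()
	pub, sig := respond(master, "example.com", c)
	srv.Register(pub)
	fmt.Println("login ok:", srv.Login(pub, c, sig))
}
```

The server's stored data here is a set of public keys, so a copy of that database gives nothing that can be replayed as a login on this or any other site.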
