Free Republic

To: discostu

“doesn’t even use your password”

Got it. How about using the public-private key scheme that’s used for things like sending credit card numbers? I, the user, would create a private/public key pair and send the public key to the service I wanted to access. They’d send me a password encrypted with the public key. I’d decrypt it with the private key that only I had. Then I’d send them the password, which would be usable only that one time.

Just thinking out loud.


54 posted on 06/09/2021 11:08:02 AM PDT by cymbeline


To: cymbeline

The problem with passwords is like what we’ve got in this story. They get stored somewhere. And if they get stored in plain text, or even encrypted if there’s a large enough quantity of data, they can be stolen. Also they get transmitted from your browser to the server, and if that happens in plain text they can be stolen. And you have to type them in and if somebody got a keystroke logger on your machine they’ve got your password.

That’s the big benefit of the token system, it doesn’t matter if it gets stolen. Since that token is only useful for your machine for about an hour, everybody in the world could get your token, it does them no good.


59 posted on 06/09/2021 11:36:49 AM PDT by discostu (Like a dog being shown a card trick )
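The short-lived, machine-bound token described in post 59, as an added example that is not part of the original thread or any particular product's code. The token format, `SERVER_KEY`, the function names and the `machine_id` parameter are all assumptions made for illustration; how the server learns which machine is presenting the token is outside the example.

```python
import base64
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
TOKEN_LIFETIME = 3600                 # "about an hour", as in the post


def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_token(user, machine_id, now=None):
    """Issue a token bound to one user, one machine and an expiry time.

    Assumes user and machine_id contain no '|' characters.
    """
    now = time.time() if now is None else now
    payload = f"{user}|{machine_id}|{int(now) + TOKEN_LIFETIME}".encode()
    parts = (payload, _sign(payload))
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)


def verify_token(token, machine_id, now=None):
    """Return the user name if the token is valid for this machine, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, _sign(payload)):
            return None  # forged or tampered with
        user, bound_machine, expires = payload.decode().split("|")
        expires = int(expires)
    except ValueError:  # malformed base64, wrong field count, bad integer
        return None
    if not hmac.compare_digest(bound_machine.encode(), machine_id.encode()):
        return None  # presented from a different machine than it was issued to
    if now >= expires:
        return None  # older than the lifetime
    return user
```

No password appears in the token or on the wire once the token is issued; a copied token fails verification from any other `machine_id` and from every machine after the hour is up.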



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson