Hacker News new | comments | ask | show | jobs | submit login

Idiocy such as this is a strong argument for the use of PAKE rather than CA-based authentication. No need to trust anyone other than the site you're trying to connect to: https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

TLDR: Basically, you prove to the website/mail server/sshd that you know your password, while the site simultaneously proves to you that they also know your password (and hence are actually the site you're trying to connect to), all without actually sending the password in either direction. The password is then used to bootstrap symmetric encryption keys.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact