
Well, whoever set that up knows the whole password, right?



Nope. It could be system generated and disseminated over secure channels.

Password rotation becomes necessary, and a little bit riskier, because now you have to deal with accidental lock-outs in a sane, coordinated manner.


And who implements the system that generates and disseminates over a secure channel?

You are stuck trusting somebody, no matter what. It's turtles all the way down.


Eh, 3 pieces of a randomly generated string... hashed in memory, and only the result of the hash function is stored. Pretty basic concept.

Soon, dear throwaway, you'll be telling me we should live in fear of the locksmiths, for all their key blanks and such fiendish metal files to abrade them with. What if they should file down a butter knife into the shape of my precious bicycle chain's key?
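Added example, not part of the thread: a sketch of the scheme the comment above describes, where the system generates the string, hands one piece to each of three holders, and stores only a salted hash. The function names, piece length, alphabet and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PIECES = 3            # number of holders, as in the comment above
PIECE_LEN = 8         # characters per piece (assumed value)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


def _digest(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked record is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def provision():
    """Generate the secret and return (pieces, record).

    The pieces go to the holders over separate channels; only `record`
    (salt and hash) is persisted. The full string exists only inside this
    call, though Python cannot guarantee it is wiped from memory.
    """
    password = "".join(secrets.choice(ALPHABET)
                       for _ in range(PIECES * PIECE_LEN))
    pieces = [password[i:i + PIECE_LEN]
              for i in range(0, len(password), PIECE_LEN)]
    salt = secrets.token_bytes(16)
    return pieces, {"salt": salt, "hash": _digest(password, salt)}


def verify(pieces, record) -> bool:
    """True only when all three pieces are supplied, in order."""
    if len(pieces) != PIECES or any(len(p) != PIECE_LEN for p in pieces):
        return False
    candidate = _digest("".join(pieces), record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    pieces, record = provision()
    print("stored fields:", sorted(record))
    print("all three pieces:", verify(pieces, record))
    print("two pieces only:", verify(pieces[:2], record))
```

Each piece here carries 40 bits of the 120-bit secret, so the slow hash matters: someone holding two pieces and a leaked record has only the third piece left to search.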


I didn't say you should be afraid, simply that trying to build a system that doesn't require you to trust people is a fool's errand.



