POV-Ray: Newsgroups: povray.off-topic: There's something wrong about...: Re: There's something wrong about...

POV-Ray : Newsgroups : povray.off-topic : There's something wrong about... : Re: There's something wrong about...		Server Time 29 Jul 2024 20:16:45 EDT (-0400)

From: Invisible
Date: 6 May 2011 04:02:02
Message: <4dc3aafa$1@news.povray.org>

On 06/05/2011 00:38, Darren New wrote:

> In either case, sending the "private" key over cleartext and then using
> it for authentication is just as broken as sending your password in
> cleartext. Moreso, because you'd think someone smart enough to use
> encryption for authentication would be smart enough to know that's not
> how you do it.

If you're using passwords for authentication, it's almost infeasible to 
not make the system extremely fragile. Public key authentication is a 
sophisticated system which solves almost all of these problems... except 
that these people managed to do it so completely wrong as to trivially 
circumvent any extra security provided.

Actually, the key they sent us was password protected. And they sent us 
the password in a separate email. But really, how long is it going to 
take a password cracker to figure out the 8-digit random alphanumeric 
code they used for a password? That's even assuming the two emails 
didn't trickle across the Internet right next to each other in the first 
place.

Still, it's not a major company or anything. *cough* Pfizer *cough*

Post a reply to this message