Re: [webauthn] Proposal for password-only authentication using ES256 (#2091) from Firstyear via GitHub on 2024-07-05 (public-webauthn@w3.org from July 2024)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Fri, 05 Jul 2024 05:10:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2210186762-1720156254-sysbot+gh@w3.org>

PAKEs would indeed be better. It doesn't take long looking at past technologies like kerberos to see how simplying using a KDF is open to attacks. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2091#issuecomment-2210186762 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 5 July 2024 05:10:57 UTC