Subject: CAcert Code Development list.
- From: Faramir <faramir.cl AT gmail.com>
- To: cacert-devel AT lists.cacert.org
- Subject: Re: password advice
- Date: Wed, 28 Sep 2011 15:01:22 -0300
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT gmail.com; dkim-asp=none
- Openpgp: id=4319410E; url=http://tinyurl.com/0x4319410E
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 28-09-2011 4:21, ianG wrote:
...
> OK, got it, thanks! Musing... the upper bounds in security of a
> password are:
>
> * security of storage of the user + memory capacity of user, +
>   security of encrypted store in laptop, Or, + location of scribbled
>   piece of paper and propensity for fire.
> * transfer capacity from store to password dialog + typing, Or + cut
>   & paste.
> * channel from dialog to backend.
> * security at backend + hash strength, + encrypt strength (in
>   encrypted).
>
> Complicated. So, we'd dodge a lot of bullets if we just used
> client certs.

Then we would have to consider the security of the storage device
where the certificate is (is the certificate store protected by
something?).

Also, reliability of the storage device (if my hdd crashes, I can
still remember my password, but I can't reproduce my certificate).

Expiration of the certificate (passwords don't expire, but
certificates do).

Certainly using a certificate is a lot easier than using a password
(I'd rather use it than my password), and you don't have to worry
about somebody watching your fingers while you log in. But it is also
desirable to have something that doesn't expire and is not stored on
an electronic device, in case of need.

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----