[python-committers] Security: please enable 2-factor authentication on GitHub and your email
Stefan Krah
stefan at bytereef.org
Mon Dec 11 08:07:34 EST 2017
On Mon, Dec 11, 2017 at 08:00:37AM -0500, Alex Gaynor wrote:
> It's possible to generate a key on a regular computer and transfer it to a
> YubiKey if you prefer. (It's not like software key generation has been
> flawless either; [OpenSSL/Debian fiasco]. Oh well, such is life).
Thanks, I did not know that.
I'm still against overuse of public key cryptography (also in home
banking). The reason is simply that *if* you're the victim of a
key generation screwup that is not yet publicly known, you have a lot
of explaining to do.
This is one of the standard reasons many cryptography experts give
against home banking using card readers.
It puts all the responsibility on the customer/user.
Stefan Krah
More information about the python-committers
mailing list