rosuav at gmail.com
Sun Jan 18 11:00:54 CET 2015
On Sun, Jan 18, 2015 at 1:13 PM, Michael Torrie <torriem at gmail.com> wrote:
> Like many of you I use a password manager these days. It's pretty
> slick. But really it shows the absurdity of the situation. Instead of
> passwords we should all just use private/public keypairs and store the
> private keys in a digital wallet. Forget this password garbage with
> it's 50-70 bits of entropy. Let's go for 2048-bit keys and be done with
> it, if we're going to require the use of password managers.
Easy way to do a lot of that is to layer most things on top of SSH. I
can pull/push git repositories using my SSH keypairs, I can access the
local network mounts that way, all sorts of things can be done with a
system that's already deployed. It's easy to put your own service on
top of SSH too. Want simplicity? Passwords are fine. Want security?
Push the encryption and authentication down to a lower layer, and save
yourself the trouble.
More information about the Python-list