Hello World

Chris Angelico rosuav at gmail.com
Sun Jan 18 11:00:54 CET 2015


On Sun, Jan 18, 2015 at 1:13 PM, Michael Torrie <torriem at gmail.com> wrote:
> Like many of you I use a password manager these days.  It's pretty
> slick.  But really it shows the absurdity of the situation.  Instead of
> passwords we should all just use private/public keypairs and store the
> private keys in a digital wallet.  Forget this password garbage with
> it's 50-70 bits of entropy.  Let's go for 2048-bit keys and be done with
> it, if we're going to require the use of password managers.

Easy way to do a lot of that is to layer most things on top of SSH. I
can pull/push git repositories using my SSH keypairs, I can access the
local network mounts that way, all sorts of things can be done with a
system that's already deployed. It's easy to put your own service on
top of SSH too. Want simplicity? Passwords are fine. Want security?
Push the encryption and authentication down to a lower layer, and save
yourself the trouble.

ChrisA



More information about the Python-list mailing list