[sf-lug] passphrase
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Sat Dec 22 01:36:35 PST 2007
On Dec 22, 2007 1:19 AM, Alex Kleider <a_kleider at yahoo.com> wrote:
> Thank you Rick for that explanation: I had read about the
> public/private key pairs and how that cleverly allows encryption
> without a preliminary exchange of encryption keys but it had never
> occurred to me about the problem of keeping the private key truly
> private while it sits on a multiuser machine. Now I get how the pass
> phrase fits into the picture.

Strong Authentication is a term used to describe when you have two
forms of security access control implemented. There are three forms:
something you are, something you have, and something you know. In
this case, it would not qualify as being "strong" if you did not set a
password, because anyone could steal your key and get in (something
THEY have now). If you set a password, they could also need to
convince you to divulge that as well. If you implement all three, say
using biometric authentication, even better :-)
--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."
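
An added example, not part of the original message: a check for the case discussed above, a private key file stored with no passphrase and so protected by possession alone. It reads the key file's own headers and goes beyond the legacy PEM format to cover PKCS#8 and the openssh-key-v1 container; the function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"

def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_has_passphrase(pem_text):
    """True if the private key is stored encrypted, False if it is in the clear."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM private key")
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 encrypted container
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # First field after the magic is the cipher name; "none" means no passphrase.
        cipher, _ = read_string(blob, len(OPENSSH_MAGIC))
        return cipher != b"none"
    # Legacy PEM (RSA/DSA/EC) marks encryption with a Proc-Type header;
    # unencrypted PKCS#8 ("BEGIN PRIVATE KEY") also lands here and returns False.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def sample_openssh(cipher):
    """Constructed sample: only the container header, enough to carry a cipher name."""
    body = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples (placeholder bodies, not real keys).
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    samples = {"legacy, passphrase": LEGACY_ENCRYPTED, "legacy, none": LEGACY_PLAIN,
               "openssh, aes256-ctr": sample_openssh(b"aes256-ctr"),
               "openssh, none": sample_openssh(b"none")}
    for name, text in samples.items():
        state = "key + passphrase" if key_has_passphrase(text) else "key only"
        print(f"{name}: {state}")
```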