Why haven't asymmetrical keys replaced passwords yet?
imagined security scheme:
1. Generate public/private key pair
2. share public key when creating account with whomever.
3. when logging in, account will send you random string
4. your browser will encrypt string with private key
5. account will decrypt string with your public key, if it is the same string they sent, you are authenticated.
pretty sure this could all be done over http, with a browser extension to handle the authentication on client end
@zacharius I think that this is basically what WebAuthn is doing (with the addition of username-like features and per-website key pairs). https://developers.google.com/web/updates/2018/05/webauthn
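The five-step scheme from the first post, with the per-website key pairs mentioned in the reply, sketched in Node.js as an added example (not code from either poster and not the WebAuthn API). The names `Server`, `Client`, `signedMessage` and the `.test` origins are assumptions. Step 4 is implemented as a signature, which is the standard operation behind "encrypt with the private key"; signing the origin along with the challenge and making challenges single-use are additions beyond the five steps.

```javascript
// Added example: challenge-response login with one Ed25519 key pair per site.
const nodeCrypto = require("node:crypto");

// The bytes that get signed: the 32-byte challenge plus the origin the
// client believes it is talking to (hypothetical message layout).
function signedMessage(challenge, origin) {
  return Buffer.concat([challenge, Buffer.from("|" + origin, "utf8")]);
}

// Server side: stored public keys and outstanding single-use challenges.
class Server {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // username -> public key (steps 1-2)
    this.pending = new Map();    // username -> challenge not yet answered
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  // Step 3: send a fresh random string.
  issueChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  // Step 5: verify the signature over challenge + own origin.
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured reply cannot be replayed
    if (!challenge || !publicKey) return false;
    const msg = signedMessage(challenge, this.origin);
    return nodeCrypto.verify(null, msg, publicKey, signature);
  }
}

// Client side (the browser-extension role): one key pair per origin.
class Client {
  constructor() { this.keys = new Map(); }
  keyFor(origin) {
    if (!this.keys.has(origin)) {
      this.keys.set(origin, nodeCrypto.generateKeyPairSync("ed25519"));
    }
    return this.keys.get(origin);
  }
  // Step 4: sign the challenge with the private key held for this origin.
  answer(origin, challenge) {
    const msg = signedMessage(challenge, origin);
    return nodeCrypto.sign(null, msg, this.keyFor(origin).privateKey);
  }
}
```

The private key never leaves `Client`, so a breach of the server's `publicKeys` map exposes nothing that can be used to log in.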