> My point was only about the advantage of p9sk3 over p9sk1, not to
> compare it with anything else. The intent was to counter the implication
> that p9sk1 is terrible and completely broken, by suggesting that the

One error in our naming is that it might imply dp9ik completely replaced p9sk1.
Quickly googling for the terms reveals others have amplified this
misunderstanding.
Instead, dp9ik *extends* p9sk1 by an additional authentication
procedure. Forgive the confusion, everybody.

> (with no change to the protocol on-the-wire).  Of course it doesn't mitigate
> the problem of users negligently choosing weak passwords.  dp9ik has the
> extra advantage of doing that too, by removing the opportunity for offline
> dictionary attacks.

Thank you for finding a better way to phrase that one also. This was
indeed one of cinap's design goals.
It is pretty near to the minimal amount of changes needed in the
system that would achieve secure continued use of passwords with the
same user experience as before.

I have not seen another implementation that does quite the same either
in the real world. Remember, everybody else just gave up on passwords,
while here, passwords are now secure by design: Secure your
authservers well, and you will have a very, very modern and extremely
unique security system, unlike anything else out there.

------------------------------------------
9fans: 9fans
Permalink: 
https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M5da7bb9c49b6387cc74e0a3b