[This is kind of getting far afield of mediawiki, but...] Spectre can potentially be used to read your private (bitcoin) keys, so bitauth is just as vulnerable to it as anything else (assuming keys on your computer and not some hardware token setup). The only benefit i see is that bitauth would probably happen in a separate process and the cross process variants of spectre look more difficult to pull off.
As far as different/exotic authentication technologies go, I think U2F would be the way to go. But its all pretty irrelevent to this attack as if you had an unpatched browser and someone did this attack against you, they would probably target your session cookie. (Assuming its available in the process. I dont know enough about different browser architectures to say if thats always true) -- bawolff On Friday, January 5, 2018, Dan Bolser <dan.bol...@gmail.com> wrote: > My favorite solution to the password problem is BitAuth2017. I believe > that Spectre / Meltdown can't beat PoW, but I'm not 100% sure of the > details. > > On 4 January 2018 at 17:29, Denny Vrandečić <vrande...@gmail.com> wrote: > >> I often get emails that someone is trying to get into my accounts. I guess >> there are just some trolls, trying to login into my Wikipedia account. So >> far, these have been unsuccessful. >> >> Now I got an email that someone asked for a temporary password for my >> account. >> >> So far so good. What I am wondering is whether that password reset trial is >> actually even more dangerous now given Spectre / Meltdown? >> >> Thoughts? >> >> (I probably should set up 2FA right now. Have been too lazy so far) >> >> Happy new year, >> Denny >> _______________________________________________ >> Wikitech-l mailing list >> Wikitech-l@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
