If a pass-phrase is lost, a new one can be generated and emailed to the monk using their public key.
That would be really cool except for one little problem: what happens if I forget the password to my private key? I used to do that regularly, because I didn't decrypt messages very often.
Now, when someone logs in, they first encrypt their pass-phrase with the monks public key, insert it into the pass-phrase text area and submit.
You need to prevent someone from capturing and reusing my encrypted password, too. See my comment on nonces elsewhere in this thread.
Of course we can still use our current cookie method of remembering who we are to limit the need for this.
If you do this, my cookie essentially becomes my password, because anyone who has my cookie can make the system think he's me. Cookies are stored in plaintext on the user's computer. Cookies are sent across the network in plaintext. Not good for security.
Beware, however, if we are at a location that doesn't have a tool for encryption, we won't be able to login.
I think this is a deal-breaker for most web apps.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
Outside of code tags, you may need to use entities for some characters:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||