[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
de-peering for security sake
- Subject: de-peering for security sake
- From: damian at google.com (Damian Menscher)
- Date: Sat, 26 Dec 2015 22:17:23 -0800
- In-reply-to: <CAEmG1=ou3ykHUqV4LSsc5AL-Rn1k6GsPK2Rv7Hwj4MaWHuQXTw@mail.gmail.com>
- References: <278703070.5666.1451139598778.JavaMail.mhammett@ThunderFuck> <[email protected]> <-1680641458761921693@unknownmsgid> <[email protected]> <CAEmG1=qXi4Qq=Othy-dVD_94hy5HHee2R=b1=pPO9kVy0oLYFg@mail.gmail.com> <[email protected]> <CAPkb-7Cab3=2Xzmnx6+CJA0B7wBh-pfLOUXVEgFphCWetqfX4w@mail.gmail.com> <[email protected]> <CAEmG1=ou3ykHUqV4LSsc5AL-Rn1k6GsPK2Rv7Hwj4MaWHuQXTw@mail.gmail.com>
On Sat, Dec 26, 2015 at 10:06 PM, Matthew Petach <mpetach at netflight.com>
wrote:
> Thanks for the reminder to look at it from multiple perspectives.
>
The key attribute missing from the discussion so far is that the factors be
*different*, from the set of:
- something you know (password / PIN)
- something you have (keyfob / OTP generator / chip)
- something you are (fingerprint / retina scan)
Claiming a passphrase and key are two "factors" is missing the point --
they both come from the same set (a secret which could be cloned). If you
believe those are two factors then a password alone is 10 factors (one for
each character)! ;)
Damian