Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Why aren't PGP and SSH keys popular as a second factor?

0
0

One of the major up-and-coming MFA methods is U2F, which relies on an initial key exchange and challenge-response mechanism.

It's a relatively new protocol, and is only starting to see more widespread adoption, notably among big web entities like Google, but it's not the first easy-to-use, key-exhchanging, challenge-responding mechanism out there; in fact, two come to mind quite easily:

SSH, which has been around since 1995 and is available on essentially every linux and BSD box set up since 2000, with growing adoption on windows via add-on software in older versions and built-in software in newer versions; and

PGP, which has been around since 1991, and is actually included on some of the newer Yubikeys (albeit, controversially, with a closed-source implementation in the latest generation), as well as on millions of PCs worldwide, with plenty of high-quality, actively-maintained implementations and libraries for a slew of OSes.

It seems like it would make perfect sense to use either of these widely-available protocols/standards (respectively) as an MFA mechanism for more than just SSHing into a remote machine or encrypting email; so why haven't either gained any traction where U2F is booming?


Viewing all articles
Browse latest Browse all 12749