Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Why aren't PGP and SSH keys popular as a second factor?

0
0

One of the major up-and-coming MFA methods is U2F, which relies on an initial key exchange and challenge-response mechanism.

It's a relatively new protocol, and is only starting to see more widespread adoption, notably among big web entities like Google, but it's not the first easy-to-use, key-exhchanging, challenge-responding mechanism out there; in fact, two come to mind quite easily:

SSH, which has been around since 1995 and is available on essentially every linux and BSD box set up since 2000, with growing adoption on windows via add-on software in older versions and built-in software in newer versions; and

PGP, which has been around since 1991, and is actually included on some of the newer Yubikeys (albeit, controversially, with a closed-source implementation in the latest generation), as well as on millions of PCs worldwide, with plenty of high-quality, actively-maintained implementations and libraries for a slew of OSes.

It seems like it would make perfect sense to use either of these widely-available protocols/standards (respectively) as an MFA mechanism for more than just SSHing into a remote machine or encrypting email; so why haven't either gained any traction where U2F is booming?


Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles



click here for Latest and Popular articles on Mesothelioma and Asbestos


Latest Images