undefined | Better HN

0 pointsmtgx8y ago0 comments

> The proposed SQRL scheme derives all application specific keys from a single master key. This essentially provides a single juicy target for attackers to go after.

That sounds like the same problem password managers have. And yet they are still recommended over (re-)using your own passwords for each website.

0 comments

teraflop8y ago

The crucial difference is that with a password manager, passwords are protected by a master key, but not derived from it. So you can rotate passwords whenever you want, either proactively or reactively, mitigating the effects of a password database compromise.

j / k navigate · click thread line to collapse

0 pointsmtgx8y ago0 comments

> The proposed SQRL scheme derives all application specific keys from a single master key. This essentially provides a single juicy target for attackers to go after.

That sounds like the same problem password managers have. And yet they are still recommended over (re-)using your own passwords for each website.

0 comments

teraflop8y ago

j / k navigate · click thread line to collapse