Date: Sun, 17 Dec 2017 08:01:33 -0500 From: "Denny O'Breham" <obreham@...il.com> To: passwords@...ts.openwall.com Subject: Re: Authentication vs identification «still, when i provide ma passport to a party that wants to ID me, i do not ID myself, they do it to me.» I could say the same thing about authentication: «still, when i provide my password to a party that wants to authenticate me, i do not authenticate myself, they do it to me.» The proof about that is that even if I correctly give the right password, one could still refuse to authenticate me. They do it to me. «the original claim was about the auth requiring smthng.» But to ID someone, I'm required to give something too: my name for example. If I don't do it - if I don't have an active participation - they will never ID me. What is the difference in my level of "participation" in giving my ID or my password? The true difference is that my ID can be known by anyone and my password is only known to me.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ