GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Janneke (janneke@todon.nl)'s status on Tuesday, 21-Jan-2025 23:14:22 JST Janneke Janneke

    Stupid question: I've been waiting for over 25y for websites to start supporting (something much like) ssh public-private key logins.

    Why isn't that happening?

    Yeah, there's all kinds of Facebook/Google login crap that's possibly even worse.

    Most of us have several passwords in public databases because web admins are apparently so incredibly stupid as to store passwords in plaintext.

    In conversation about 4 months ago from todon.nl permalink
    • Embed this notice
      Janneke (janneke@todon.nl)'s status on Wednesday, 22-Jan-2025 00:25:44 JST Janneke Janneke
      in reply to
      • wlo

      @wizard well, the technical know-how of how to use telnet or interpret HTML is also way above the head over normal computer users, yet they manage to send emails and view web pages? Probably because someone wrote a program to help them with that.

      I'm not saying that I expected that using a password should be removed as an option, I just don't understand why it seems there's no sane, (reasonably/much more) safe, free way being developed/adopted to log into websites.

      In conversation about 4 months ago permalink
    • Embed this notice
      wlo (wizard@xyzzy.link)'s status on Wednesday, 22-Jan-2025 00:25:47 JST wlo wlo
      in reply to
      @janneke the technological know-how of managing encryption keys is way above the head of most computer users. backup and usage across multiple devices become exponentially more complicated than just asking people to remember a phrase in their head and emailing them if they can't do that.
      In conversation about 4 months ago permalink
    • Embed this notice
      wlo (wizard@xyzzy.link)'s status on Wednesday, 22-Jan-2025 01:20:14 JST wlo wlo
      in reply to
      • wlo
      @janneke actually now that i look at it, there is some prior art for using a ssh key as a virtual fido device for webauthn: https://github.com/bulwarkid/ssh-passkey
      In conversation about 4 months ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        GitHub - bulwarkid/ssh-passkey: A utility to use SSH keys as passkeys
        A utility to use SSH keys as passkeys. Contribute to bulwarkid/ssh-passkey development by creating an account on GitHub.
    • Embed this notice
      wlo (wizard@xyzzy.link)'s status on Wednesday, 22-Jan-2025 01:20:15 JST wlo wlo
      in reply to
      @janneke there are ways that work sort of like this though, like fido2 or u2f. i'm not actually super sure of any technical reason why an ssh key specifically couldn't be used in this case, but i think it mostly has to do with web standards and commonly adopted APIs to access that stuff. it would require support from every browser vendor to implement it.
      In conversation about 4 months ago permalink
      Janneke repeated this.
    • Embed this notice
      Janneke (janneke@todon.nl)'s status on Wednesday, 22-Jan-2025 01:21:21 JST Janneke Janneke
      in reply to
      • wlo

      @wizard interesting! Would be great to have that in #Mastodon!

      In conversation about 4 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.