Comment on Passkeys might really kill passwords
scorpionix@feddit.de 4 months agoI strongly disagree. That’s like using MD5 and saying ‘It’s OK, we use SHA256 down the line’. Information encrypted with it might as well be in plain text.
Comment on Passkeys might really kill passwords
scorpionix@feddit.de 4 months agoI strongly disagree. That’s like using MD5 and saying ‘It’s OK, we use SHA256 down the line’. Information encrypted with it might as well be in plain text.
frezik@midwest.social 4 months ago
That’s not how that works. If you were using MD5 and then immediately SHA256 the output and not using it for anything else, that would be fine. You’re not accomplishing much in this specific case, but it’d be fine.
When you layer security, the attacker has to pull back each layer. You don’t rely on any singular layer. If the attacker needs biometrics AND a code AND a physical key, that’s very good security.