Hacker News new | ask | show | jobs
by lisper 2360 days ago
Because in order to prove that you know the secret you have to reveal the secret. That makes it unavoidably vulnerable to phishing.
1 comments
nine_k 2360 days ago
Not necessarily.

To prove that I have a secret key, I encrypt something of your choosing, and you decrypt it with a public key. This is enough proof, and private parts remain unexposed.

link
lisper 2360 days ago
Re-read the question to which I was responding: "what's wrong with username and password?"
link