|
|
|
|
|
|
by jjav
1620 days ago
|
|
|
More generically than "shared secret" which is one implementation, the idea is shared trust. We both (client and server) trust some common background info. It can't be hand-waved away because that trust must exist or be established. Shared secrets (passwords) are close to an optimal solution when considering all possible criteria. Various forms of PAKEs can be better sometimes, but not very popular. Other solutions address different threat models, often with more significant tradeoffs than a shared secret. |
|
|