Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Server certs are a different issue. If OpenSSH, by default, sent SHA256(logged in user’s password) to the server, even after verifying the cert, it would get laughed out of the toolbox of security-conscious users.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: