神刀安全网

Why aren't PGP and SSH keys popular as a second factor?

One of the major up-and-coming MFA methods is U2F, which relies on an initial key exchange and challenge-response mechanism.

It’s a relatively new protocol, and is only starting to see more widespread adoption, notably among big web entities like Google, but it’s not the first easy-to-use, key-exchanging, challenge-responding mechanism out there; in fact, two come to mind quite easily:

  • SSH, which has been around since 1995 and is available on essentially every Linux and BSD box set up since 2000, with growing adoption on Windows via add-on software in older versions and built-in software in newer versions; and

  • PGP, which has been around since 1991, and is actually included on some of the newer Yubikeys (albeit, controversially, with a closed-source implementation in the latest generation), as well as on millions of PCs worldwide, with plenty of high-quality, actively-maintained implementations and libraries for a slew of OSes.

It seems like it would make perfect sense to use either of these widely-available protocols/standards (respectively) as an MFA mechanism for more than just SSHing into a remote machine or encrypting email; so why hasn’t either gained any traction where U2F is booming?
