Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Dec 2017 15:30:12 +0100
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Authentication vs identification

On 12/16/2017 03:21 PM, Denny O'Breham wrote:
> A token in a cookie.  The user did not give the info in the cookie, it
> was put on his computer by the website, he doesn't even know it
> exists, yet it is used each time he makes a request during his session
> for authentication.

a user and a browser are FALSE ENTITIES in this problem.
the interaction is between the client and the server.
the client authenticates self -- regardless of the technical routines 
going on on the client side, they are irrelevant to the problem altogether.


> 
> On 12/16/17, e@...tmx.net <e@...tmx.net> wrote:
>>> Although authentication typically requires the active participation of the
>>> prover, while identification may not, that is not the crucial distinction.
>>> It would be a mistake to define the difference in those terms.
>>
>> a counterexample?
>>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.