undefined | Better HN

0 pointstptacek8y ago0 comments

But there's really nothing "cryptographic" about an isolated authentication service. To drive the point home, and don't do this, but if you (1) used dedicated hardware to run it, (2) IP filtered the box down to just HTTPS, and (3) ran the service using Go, Rust, or Java Servlets, you probably wouldn't even need to use a good password hash.

I'm only talking about the AuthN problem, by the way. I'm not making a general argument against circuit breaker architectures.

0 comments

bigmac8y ago

Folks need to worry about being able to protect more than just passwords. Engineers should be doing a good job of protecting SSNs, phone numbers, home addresses, etc. Crypto-anchoring can help for the general case of protecting sensitive information, not just passwords. `select *` shouldn't give anything in your infrastructure bulk access to sensitive information. The 'cryptographic' thing here is per-record encryption.

tptacekOP8y ago

I think tokenizing services are a very good idea in general. I just think there are easier and more effective ways to handle the AuthN problem.

j / k navigate · click thread line to collapse

0 pointstptacek8y ago0 comments

I'm only talking about the AuthN problem, by the way. I'm not making a general argument against circuit breaker architectures.

0 comments

bigmac8y ago

tptacekOP8y ago

I think tokenizing services are a very good idea in general. I just think there are easier and more effective ways to handle the AuthN problem.

j / k navigate · click thread line to collapse