Why haven't asymmetrical keys replaced passwords yet?

imagined security scheme:
1.Generate public/private key pair
2. share public key when creating account with whomever.
3. when logging in, account will send you random string
4. your browser will encrypt string with private key
5. account will decrypt string with your public key, if it is the same string they sent, you are authenticated.

Follow

@zacharius Keep in mind that with PKI you can have entirely unauthenticated /transactions/, by instead authenticating / encrypting /content/.

Post to site, and GPG-sign post. Send private message, encrypted to recipient.

Problem here is that there's massive metadata leakage. CCC have covered this in recent years IIRC.

There's also the directory / routing problem.

Sign in to participate in the conversation
mastodon.cloud

Recently, the handling of online defamation has become a hot topic on many mass media as well as social media channels. News Article for Reference: https://www.jiji.com/sp/article?k=2020052500387 In response to these reports, it is expected that lawsuits and disclosure requests will become more publicly known; and government agencies will order stricter enforcement in addition to tightening regulations. However, under the current state of Japan, we will not be able to handle the increase of such administrative burdens and will have trouble dealing with it appropriately. Thus, we have decided to stop providing our service on mstdn.jp and mastodon.cloud starting June 30, 2020. We are very sorry for the inconvenience and appreciate your understanding on the matter.