@sitnik_ru well public key can leak, no?
@dotfox @sitnik_ru sure, it’s just Andrey tried to say it is somehow a unique attribute of passkeys, which is wrong. Normally website DBs don’t store user passwords either, so these can’t leak either. They store emails, which in the passkey case is the same as storing the public part
@nikitonsky can. But with a public key you can't log in. For login you sign random data from the server with a private key and send a signature to the server. So public key leakage has no security issues for you.
@nikitonsky email is a user’s global ID, not a secret. The public key is unique for each website and can't be used to identify users. A public key is better than a password hash because of the better crypto methods behind it (it is hard to do hash right).
@nikitonsky @sitnik_ru yes, but that is its purpose.
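The login flow described in the thread (the server sends random data, the client signs it with the private key, the server checks the signature against the stored public key), as an added example that is not from any of the participants. It is a simplified model using Ed25519 from Node's `crypto` module, not the WebAuthn message format, and all function names are hypothetical.

```javascript
// Added illustration: simplified challenge-response login, not the WebAuthn wire format.
const nodeCrypto = require('node:crypto');

// Registration: the authenticator keeps the private key,
// the website database stores only the public key.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    authenticator: { privateKey },
    serverRecord: { publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}

// Server side: fresh random data for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32);
}

// Client side: sign the server's challenge with the private key.
function signChallenge(authenticator, challenge) {
  return nodeCrypto.sign(null, challenge, authenticator.privateKey);
}

// Server side: check the signature using only the stored public key.
function verifyLogin(serverRecord, challenge, signature) {
  const publicKey = nodeCrypto.createPublicKey(serverRecord.publicKeyPem);
  return nodeCrypto.verify(null, challenge, publicKey, signature);
}

function demo() {
  const { authenticator, serverRecord } = register();

  // Normal login: the signature over the current challenge verifies.
  const c1 = newChallenge();
  const sig1 = signChallenge(authenticator, c1);
  const legit = verifyLogin(serverRecord, c1, sig1);

  // An old signature does not verify against a new challenge.
  const c2 = newChallenge();
  const replay = verifyLogin(serverRecord, c2, sig1);

  // Knowing serverRecord (the public key) gives no way to sign;
  // a signature made with any other private key is rejected.
  const other = register().authenticator;
  const wrongKey = verifyLogin(serverRecord, c2, signChallenge(other, c2));

  return { legit, replay, wrongKey };
}
```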