>Thirdly, "bought" 30 million certs?

Oh and yes, that's why we were both laughing our hearts out and calling shenanigan at the same time. As I wrote in my OP, I would have been glad to generate those certs for them for 10,000$ instead of the 30,000,000$ they spent. But hey, a buck a piece for certs is a great deal, isn't it?

The usb key solution was suggested as well but the conclusion was that dumb users would lose their usb keys and that it would become too costly to manage.

In the end, we seem to be doomed unless we educate people.

I agree it is currently. It is funny although what a little education could do but most of the times, educated people are less easy to profit from. Therefore, marketing guys will rarely suggest educating people as a solution.

http://www.isacc.ca/isacc/_doc...

In the end, education and instant knowledge is needed.

I entirely agree but for some, namely the ones who still use symmetric keys, this has become an old school thought.

In Canada, the government bought 30 millions certificates for all its citizens in oder to authenticate for government on line services for a buck a piece. Total: 30,000,000$

I would have been glad to provide it to them for 10,000$ and guess what? All privaye keys were kept centrally ;-) Us, old school guys just couldn't believe it.

The big thinkers/marketing guys decided that it was just to complicated for citizens to manage and keep their secret key in a secure location.

Very nice thoughts. Just to let you know, English ain't my mother tongue.

It would still be English, it is how it evolved.

Vas chier mon tabernacle! Attends que te case le geule en 2!

English is doing fine. I don't see it fading away so quickly.

Cardassian of course

https://en.wikipedia.org/wiki/...

https://en.wikipedia.org/wiki/...

You almost spelled Rivest right:

https://en.wikipedia.org/wiki/...

Keep on the good work!

Just fucking use PKI instead of stupid API keys. Are their API keys PKI or not. See my post above:

http://slashdot.org/comments.p...

then, since 1977:

https://en.wikipedia.org/wiki/...

.bash_history eavesdropping is indeed kidiporn...

Run a WAF, log suspicious packets at the IP level, then you will discover a big underworld...

More like use a fricking passphrase at least to protect your private key and use some kind of agent to save you from typing that passphrase again and again.

I sometimes use passphraseless private key when I control where it is stored but never store a passphraseless private key on line.

Be aware of key loggers and other means to get you passphrase once your private key is stored online also.

Wait! Should I understand they aren't using PKA?

Sorry then, shame on me.