
Public key crypto doesn't help much if your private keys get stolen, which was essentially what happened with some of the recent hacked packages and which is why they're now starting to enforce 2FA.



The longer term solution to this is public key signatures with an ephemeral key, rooted to some trusted identity source (e.g., a GitHub account with strong 2FA). There’s lots of work on that front coming out of the Open Source Security Foundation.


Are you really using private keys without a passphrase in 2021?



