[sigh]<p>Steve Gibson, the man who claimed Windows raw sockets would destroy the internet and doesn’t understand how SYN cookies can stop DoS attacks has a solution for all my authentication and authorization needs? Well hot damn, let me click past his impassioned plea that the world needs hand coded x86 assembly disk utilities in 2019, and see what he has to say...<p>...And 2 pages into the PDF I’m out.<p>The sole thing keeping Steve Gibson from being this weeks Dunning-Kruger poster boy of technical security bullshit is that is someone decided to sue Blackhat after claiming numerology breaks modern crypto.<p>Snark and bitterness aside, Please stop giving this man a platform. It’s hard enough getting organizations to make a rational cost benefit analysis based security decisions. His noise is making things worse.
Good lord. That page is like something out of the late 1800s. I expect some guy with a tophat and a waxed mustache to pop up saying “What you got here is a bonafied, superfied, securitized login experience.”<p>SQRL may be great, but presentation counts. Presenting documentation as giant PDFs with no internal linking?<p>But I really got turned off when I read that it only does single-factor login.
So I’ve been listening to Security Now for years, and SQRL has been something I’ve followed along with. But I never see it discussed elsewhere.<p>Is there some fatal flaw with Steve’s idea? It sounds great to me, but I’m no cryptographer.