Hacker News new | past | comments | ask | show | jobs | submit login

Because it's a stupid low entropy key put in front of a service that you should be using MUCH harder keys on instead of passwords as of circa the 90s.

You're wanting to add a screen door on a sub, and its just a feel good option for those who don't understand the math involved.

The proper solution is to stop using passwords and use keys or proper cert auth.




I think it goes without saying that you would still want to be using keys instead of passwords for the actual authentication. Port knocking should always be an additional layer, not a replacement layer.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: