[keycloak-dev] Zero-knowledge proof of password?

Mark True mtrue at redhat.com
Tue Mar 7 20:31:55 EST 2017


I think the closest people have come to what you describe are things like
FreeOTP or the RSA Firewall fobs. These provide one way passwords that
are based on "what you know" and do not require transmitting a permanent
password over cleartext.

Hope this helps!


On Tue, Mar 7, 2017 at 6:05 PM, Bill Burke <bburke at redhat.com> wrote:

> What does that even mean?  Keycloak's SSL mode can forbid non SSL
> connections.  FYI, OIDC requires SSL.
>
>
> On 3/7/17 4:22 PM, Peter K. Boucher wrote:
> > Suppose you don't want your passwords transmitted in the clear after SSL is
> > terminated by a proxy.
> >
> >
> >
> > Has anyone developed a secure way for the client to prove they have the
> > password, rather than transmitting it in the body of a post?
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev

