[keycloak-dev] Zero-knowledge proof of password?
mtrue at redhat.com
Tue Mar 7 20:35:58 EST 2017
I did a bit of looking for a non-interactive version of OTP, and I managed
to find this:
I don't know if this answers your question, but I found it an interesting
Hope this helps!
On Tue, Mar 7, 2017 at 8:31 PM, Mark True <mtrue at redhat.com> wrote:
> I think the closest people have come to what you describe are things like
> FreeOTP or the RSA Firewall fobs. These provide one way passwords that
> are based on "what you know" and do not require transmitting a permanent
> password over cleartext.
> Hope this helps!
> On Tue, Mar 7, 2017 at 6:05 PM, Bill Burke <bburke at redhat.com> wrote:
>> What does that even mean? Keycloak's SSL mode can forbid non-SSL
>> connections. FYI, OIDC requires SSL.
>> On 3/7/17 4:22 PM, Peter K. Boucher wrote:
>> > Suppose you don't want your passwords transmitted in the clear after SSL is
>> > terminated by a proxy.
>> > Has anyone developed a secure way for the client to prove they have the
>> > password, rather than transmitting it in the body of a post?