this post was submitted on 10 Mar 2025
cybersecurity
Nah, that's not a problem.
So, if you send a password at some point, someone could theoretically intercept and get the password, and then impersonate you.
PGP keys are public-private. The key never leaves your possession. Instead, the other side asks you to cryptographically sign something using your private key, which they can validate using your public key.
You never expose your private key to any intermediary, and even the other side doesn't have it.
TOTPs have a shared secret, and generate a temporary passphrase using both time and the secret. Those also protect (mostly) against interception, since the OTP becomes invalid within probably seconds. Just as with PGP keys, the secret does not change. However, unlike PGP, the other side does also have all the information required to authenticate as you.
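An added example (not part of the comment above) that makes the TOTP half of the comparison concrete. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with only the Python standard library and then shows, in one function, the two properties the comment describes: a captured code stops validating once the time window has passed, and the verifier, holding the same shared secret, can compute exactly the code the client would send. The secret, timestamps and the one-step acceptance window are constructed for the demonstration; the secret is the RFC 6238 test-vector secret, so the codes can be checked against the RFC. The signing half (private key signs a challenge, public key verifies) is not shown here because the standard library has no asymmetric signature primitive.

```python
import hashlib
import hmac
import struct

# RFC 6238 test-vector secret (ASCII), used here only as a known constructed value.
SHARED_SECRET = b"12345678901234567890"
TIME_STEP = 30          # seconds per TOTP step
DIGITS = 6
ACCEPT_WINDOW = 1       # steps of clock skew the verifier tolerates on each side


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from time // step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = TIME_STEP, window: int = ACCEPT_WINDOW) -> bool:
    """Accept a code if it matches the current step or one within +/- window steps.

    The verifier recomputes candidate codes from the same secret; the comparison is
    constant-time so the check itself leaks nothing about the expected digits.
    """
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, len(submitted)), submitted)
        for delta in range(-window, window + 1)
    )


def demo(secret: bytes = SHARED_SECRET, issue_time: int = 59) -> dict:
    """Illustrate both properties from the comment with constructed timestamps.

    - The client generates a code at issue_time.
    - A code captured then is still valid shortly after, but not once the window has passed.
    - The server, holding the same secret, produces the identical code without the client.
    """
    client_code = totp(secret, issue_time)
    server_minted = totp(secret, issue_time)   # same inputs, same output: the secret is shared
    return {
        "client_code": client_code,
        "server_can_mint_same_code": server_minted == client_code,
        "accepted_immediately": verify_totp(secret, client_code, issue_time),
        "accepted_one_step_later": verify_totp(secret, client_code, issue_time + TIME_STEP),
        "accepted_after_window": verify_totp(secret, client_code, issue_time + 3 * TIME_STEP),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `accepted_one_step_later` entry is true only because of the skew window; shrinking `ACCEPT_WINDOW` to 0 tightens the replay interval at the cost of rejecting clients with slightly drifted clocks. Nothing in `verify_totp` distinguishes a server from a client: whoever holds `SHARED_SECRET` can both mint and check codes, which is the asymmetry with a signing key that the comment points out.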