My point was that if we could change every site on the internet to use public keys we wouldn't be having this conversation because they'd already be doing the hashing right with bcrypt.
Sure you can get some sites to use it, and sure you can come up with some way to secure a few savvy people. But it wouldn't elevate ambient security if you expect every site on the internet to change.
Instead my proposal would start securing 80% of the internet by fixing three codebases.
Sure you can get some sites to use it, and sure you can come up with some way to secure a few savvy people. But it wouldn't elevate ambient security if you expect every site on the internet to change.
Instead my proposal would start securing 80% of the internet by fixing three codebases.