Encoding cryptographic keys as passphrases, but easier to spell
Distributed Disruption of Surveillance ...
Perhaps instead of looking at cookies as a proxy for passwords, we should be looking at passwords as a transport mechanism for secrets! The desired result is to share a secret key between the server and one or more browsers, and the password is merely a mechanism to prove the browser worthy of the secret ...
I've used this authentication method on a couple of different client projects so far, so I thought it might be useful to write up a quick explanation of how it works.
Image a WWW using Cryptographic Hash URIs instead of URLs.