Jan 4, 2008 9:35 pm
JoinedMar 8, 2005
That's not really solving the problem; instead of having passwords, you have a key. And then you have to have your key with you when you want to connect to the MUD. I certainly couldn't remember my keys.
It solves the problem only in that a public/private key pair is (normally) unique to an individual. If the mud generates a key pair, and when you create an account, you upload (or otherwise exchange) the public side if your keypair, it becomes associated with that account. So the only way someone can log in as you is to have both your public and private keys. Unlike a password, these aren't things that can be tossed about unless you have a photographic memory.
Of course it can be sabotaged by the user, just like I can give you the physical keys to my house, or a DNA sample to use... but most passwords are hacked because the owner told their friend, or they used their girlfriend's name, or (in the case of my old University) it gets reset by an admin to the day of the week and they never change it.
The host could provide a connection tunnel, although that requires extra work for everyone.
I suppose, although it would still require the end user to run their client inside another client (which would do the authentication and ssh protocol layer). Not something I'd expect to see often.