On Fri, 20 Jan 2012, Dan Kaminsky wrote: > Eh, you wouldn't support a feature that only displayed a password prompt if the username was valid. Same thing, very similar experience even. It isn't the same thing at all. Usernames are short, low-entropy and highly common between systems. Public keys are none of these. -d