re: question on campus computer security

New Message Reply About this list Date view Thread view Subject view Author view

Greg Noel (greg@qualcomm.com)
Tue, 19 May 1998 11:30:20 -0700 (PDT)


On Tue, 19 May 1998, James Black wrote:
> The current project that needs some security would be having people
> send passwords over the Internet (needed for LDAP), ...

If the major motivator is to avoid sending passwords in the clear, one
possibility is Stanford's SRP (http://jafar.stanford.edu/srp). You'd
still have to type a password, but the authentication process doesn't put
it on the wire.

It's a very young protocol that hasn't received a lot of attention from
the cryptographic community, so it may not be as strong as the hype makes
it out to be. If what you want to protect is valuable, you might want to
look at a more mature protocol like Kerberos. But it's definitely a step
up from sending passwords in the clear.

-- Greg Noel, UNIX Guru greg@qualcomm.com


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:29 ADT