David Jablon (dpj@world.std.com)
Tue, 19 May 1998 21:51:33 -0400
On Tue, 19 May 1998, James Black wrote:
>> The current project that needs some security would be having people
>> send passwords over the Internet (needed for LDAP), ...
At 11:30 AM 5/19/98 -0700, Greg Noel wrote:
>If the major motivator is to avoid sending passwords in the clear, one
>possibility is Stanford's SRP (http://jafar.stanford.edu/srp). You'd
>still have to type a password, but the authentication process doesn't put
>it on the wire.
>
>It's a very young protocol that hasn't received a lot of attention from
>the cryptographic community, so it may not be as strong as the hype makes
>it out to be. If what you want to protect is valuable, you might want to
>look at a more mature protocol like Kerberos. But it's definitely a step
>up from sending passwords in the clear.
With regard to Kerberos "more mature" == less secure.
In fact, SRP-3, B-SPEKE, and A-EKE were specifically designed to
prevent known attacks that succeed against Kerberos. SRP-3 may
be the youngest member of this family, but in general they're
all provably stronger than Kerberos, or any old challenge/response
method.
If you're concerned about who's reviewed these methods,
start with the papers on <http://world.std.com/~dpj/links.html>.
Some of the best minds in the cryptography/compsec
business have reviewed these protocols over the past
several years.
Here are some ways to prevent eavesdropper
dictionary attacks on passwords:
(1) use one of the SPEKE or EKE-style protocols,
(2) use PK encryption with certificates or
pre-distributed stored keys, or
(3) use challenge/response or Kerberos and force *all*
passwords to be chosen with a method that
guarantees large entropy.
Some tradeoffs are:
(3) is distasteful to users, (2) requires stored public
keys or certificates and provides less direct protection
for the password, and (1) hasn't been built into many
applications ... yet.
------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:29 ADT