Greg Noel (greg@qualcomm.com)
Tue, 19 May 1998 20:51:04 -0700 (PDT)
On Tue, 19 May 1998, David Jablon wrote:
> With regard to Kerberos "more mature" == less secure. In fact, SRP-3,
> B-SPEKE, and A-EKE were specifically designed to prevent known attacks
> that succeed against Kerberos. SRP-3 may be the youngest member of this
> family, but in general they're all provably stronger than Kerberos, or
> any old challenge/response method.
>
> If you're concerned about who's reviewed these methods, start with the
> papers on <http://world.std.com/~dpj/links.html>. Some of the best
> minds in the cryptography/compsec business have reviewed these protocols
> over the past several years.
Hey, I like SRP or I wouldn't have mentioned it. And it probably is
stronger than Kerberos. I'm even proposing to use it in a project I
want to do.
But it's only a couple of years old. Even though the theory is good,
earlier versions of it were broken due to small implementation details.
There's no way to _prove_ that such a detail won't trip up the current
version.
I respect the opinions of those who've evaluated the protocol; I'll even
agree that it doesn't have any obvious flaws. I'm obviously willing to
trust it to some extent or it wouldn't be in my project proposal.
In five or ten years we'll know if it's as secure as it appears. Until
then, the age of the protocol is something that should be considered in
the risk assessment.
And if his current problem is sending passwords across in the clear, any
of the methods are vastly to be prefered.
BTW, that's a very cool page with a lot of good info.
-- Greg Noel, UNIX Guru greg@qualcomm.com
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:30 ADT