re: question on campus computer security

Greg Noel (greg@qualcomm.com)
Tue, 19 May 1998 11:30:20 -0700 (PDT)

• Next message: Lucky Green: "re: question on campus computer security"
• Previous message: James Black: "re: question on campus computer security"
• Next in thread: Lucky Green: "re: question on campus computer security"
• Reply: Lucky Green: "re: question on campus computer security"
• Reply: David Jablon: "re: question on campus computer security"

On Tue, 19 May 1998, James Black wrote:
> The current project that needs some security would be having people
> send passwords over the Internet (needed for LDAP), ...

If the major motivator is to avoid sending passwords in the clear, one
possibility is Stanford's SRP (http://jafar.stanford.edu/srp). You'd
still have to type a password, but the authentication process doesn't put
it on the wire.

It's a very young protocol that hasn't received a lot of attention from
the cryptographic community, so it may not be as strong as the hype makes
it out to be. If what you want to protect is valuable, you might want to
look at a more mature protocol like Kerberos. But it's definitely a step
up from sending passwords in the clear.

-- Greg Noel, UNIX Guru greg@qualcomm.com

• Next message: Lucky Green: "re: question on campus computer security"
• Previous message: James Black: "re: question on campus computer security"
• Next in thread: Lucky Green: "re: question on campus computer security"
• Reply: Lucky Green: "re: question on campus computer security"
• Reply: David Jablon: "re: question on campus computer security"