re: question on campus computer security

David Jablon (dpj@world.std.com)
Tue, 19 May 1998 21:51:33 -0400

• Next message: Mark Rosen: "Chaffing and Winnowing -- Part Deux!"
• Previous message: Dan Bailey: "Re: Another Test on RSA Keys"
• In reply to: Anonymous: "Re: Another Test on RSA Keys"
• Next in thread: Greg Noel: "re: question on campus computer security"
• Reply: Greg Noel: "re: question on campus computer security"

On Tue, 19 May 1998, James Black wrote:
>> The current project that needs some security would be having people
>> send passwords over the Internet (needed for LDAP), ...

At 11:30 AM 5/19/98 -0700, Greg Noel wrote:
>If the major motivator is to avoid sending passwords in the clear, one
>possibility is Stanford's SRP (http://jafar.stanford.edu/srp). You'd
>still have to type a password, but the authentication process doesn't put
>it on the wire.
>
>It's a very young protocol that hasn't received a lot of attention from
>the cryptographic community, so it may not be as strong as the hype makes
>it out to be. If what you want to protect is valuable, you might want to
>look at a more mature protocol like Kerberos. But it's definitely a step
>up from sending passwords in the clear.

With regard to Kerberos "more mature" == less secure.
In fact, SRP-3, B-SPEKE, and A-EKE were specifically designed to
prevent known attacks that succeed against Kerberos. SRP-3 may
be the youngest member of this family, but in general they're
all provably stronger than Kerberos, or any old challenge/response
method.

If you're concerned about who's reviewed these methods,
start with the papers on <http://world.std.com/~dpj/links.html>.
Some of the best minds in the cryptography/compsec
business have reviewed these protocols over the past
several years.

Here are some ways to prevent eavesdropper
dictionary attacks on passwords:

(1) use one of the SPEKE or EKE-style protocols,
(2) use PK encryption with certificates or
        pre-distributed stored keys, or
(3) use challenge/response or Kerberos and force *all*
        passwords to be chosen with a method that
        guarantees large entropy.

Some tradeoffs are:

(3) is distasteful to users, (2) requires stored public
keys or certificates and provides less direct protection
for the password, and (1) hasn't been built into many
applications ... yet.

------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>

• Next message: Mark Rosen: "Chaffing and Winnowing -- Part Deux!"
• Previous message: Dan Bailey: "Re: Another Test on RSA Keys"
• In reply to: Anonymous: "Re: Another Test on RSA Keys"
• Next in thread: Greg Noel: "re: question on campus computer security"
• Reply: Greg Noel: "re: question on campus computer security"