W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Passwords an security.

From: Phillip M. Hallam-Baker <hallam@w3.org>
Date: Thu, 25 Apr 1996 14:38:39 -0400
Message-Id: <317FC6AF.41C6@w3.org>
To: ietf-tls@w3.org
There have been a number of posts to the list that cause me some
concern. In particular there appears to be a possible confusion as to
the cryptographic security of password based systems. Passwords are a
key management issue. The various human factors problems with passwords
are well known but they are convenient and people use them.

There are cryptographically secure methods of implementing both
symmetric and asymmetric auhentication systems. Asymmetric key offers
more flexibility but at lower performance. Most useful systems involve a
hybrid. S-HTTP uses asymmetric key exchange to establish a shared secret
which can then be used for future transimission.


	Phill Hallam-Baker
Received on Thursday, 25 April 1996 14:38:43 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT