W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

RE: Password Authentication

From: David P. Kemp <dpkemp@missi.ncsc.mil>
Date: Thu, 25 Apr 1996 17:36:08 -0400
Message-Id: <199604252136.RAA18663@argon.ncsc.mil>
To: ietf-tls@w3.org
> From: Dan Simon <dansimon@microsoft.com>
> Date: Thu, 25 Apr 1996 13:42:41 -0700
> 
> On the other hand, if we incorporate password authentication into the
> protocol, then we can protect those passwords by basing the
> challenge-response protocol on both the password and the
> automatically-strong MAC key exchanged during the handshake.  This will
> protect the password from offline attacks, making even a poorly chosen
> password a useful security tool (assuming that it's kept secret, and
> that the server doesn't permit unlimited online trial-and-error
> attacks).


OK, the following is just a request for information; a reality check
for myself to see if I'm missing something fundamental here.  I have
the uncomfortable feeling that we are talking past one another rather
than communicating.

Consider the following thought experiment:

* PCT 2.0 protocol, using password authentication, where the password
  can be only a 4 digit number (10,000 possibilities), and no
  public/private key pairs at the two endpoints

* 2 Princeton students with a copy of a PCT session sniffed off
  the wire (no active attacks allowed)

Can they, or can they not break the session in a minute or so by
exhausting over the password space?
Received on Thursday, 25 April 1996 17:36:18 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT