Re: Password Authentication

From: Bennet Yee <bsy@cs.ucsd.edu>
Date: Thu, 25 Apr 1996 14:49:04 -0700
Message-Id: <199604252149.OAA17287@work.ucsd.edu>
To: dpkemp@missi.ncsc.mil (David P. Kemp)
Cc: ietf-tls@w3.org

I haven't looked at PCTv2 recently, so a caveat.  However, if you just
think about how SSL and PCT work wrt exchanging a master key and hashing
down to read/write keys that are 40-bits, one could imagine the passwords
being protected by a >>40-bit key (probably not the master key directly,
but perhaps something else derived from it).  Network eavesdroppers that
wish to perform an exhaustive search of the space of passwords must also
determine this other key, which is difficult.

This may not be a kosher way to do things wrt export, however, since
one could imagine that secret messages are transmitted in this way (the
password is the message) which are protected by >40-bit crypto.

-bsy

--------
Bennet S. Yee		Phone: +1 619 534 4614	    Email: bsy@cs.ucsd.edu

Web:	http://www-cse.ucsd.edu/users/bsy/
USPS:	Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Thursday, 25 April 1996 17:49:22 EDT
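
The idea in the message above, sketched as an added example that is not part of the original post and is not the SSL or PCT key schedule. HMAC-SHA256 stands in for the hashing-down step; the labels, the 128-bit password key, the nonce, the token format and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from any real session).
SAMPLE_MASTER = bytes(range(32))
SAMPLE_NONCE = b"constructed-nonce"
SAMPLE_WORDLIST = [b"letmein", b"hunter2", b"password"]


def derive(master: bytes, label: bytes, nbytes: int) -> bytes:
    """Hash the master key down to a purpose-specific key (stand-in KDF)."""
    return hmac.new(master, label, hashlib.sha256).digest()[:nbytes]


def protect_password(pw_key: bytes, nonce: bytes, password: bytes) -> bytes:
    """Value sent on the wire: keyed hash of the password under the long key."""
    return hmac.new(pw_key, nonce + password, hashlib.sha256).digest()


def dictionary_check(token: bytes, nonce: bytes, candidates, key: bytes):
    """Test password candidates against a captured token under a given key.

    A match is only possible if `key` is the password-protection key, so the
    search space is (password space) x (key space), not the password space alone.
    """
    for cand in candidates:
        if hmac.compare_digest(protect_password(key, nonce, cand), token):
            return cand
    return None


def demo(master: bytes = SAMPLE_MASTER):
    # Two keys from one master key, separated by label (labels are assumptions).
    export_key = derive(master, b"export read/write", 5)    # 40 bits
    pw_key = derive(master, b"password protection", 16)     # 128 bits
    token = protect_password(pw_key, SAMPLE_NONCE, b"hunter2")

    # Grant the eavesdropper the 40-bit key, as if recovered by exhaustive
    # search: it does not help, because pw_key comes from the master key
    # through a one-way step and cannot be computed from export_key.
    with_export = dictionary_check(token, SAMPLE_NONCE, SAMPLE_WORDLIST, export_key)
    # Only a holder of the long key (the legitimate peer) can verify a password.
    with_pw_key = dictionary_check(token, SAMPLE_NONCE, SAMPLE_WORDLIST, pw_key)
    return len(export_key) * 8, len(pw_key) * 8, with_export, with_pw_key


if __name__ == "__main__":
    print(demo())
```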
