RE: Digest mess

> ----------
> From:[]
> Sent: 	Wednesday, January 07, 1998 9:52 AM
> To: 	Paul Leach
> Cc:; Scott Lawrence
> Subject: 	RE: Digest mess
> While I agree with both Paul and Scott on message integrity, I'd 
> like to remind people that the BIG disaster on the Internet 
> is password grabbing. 
Of course. But that's because no one needs to do anything complicated when
something trivial suffices.

>  Naive people use the same
> password for many things...
(Interesting side note: the SCRAM auth protocol uses a per-server or
per-authentication domain salt to allow safe use of the same password for
many sites. There's an I-D by Chris Newman -- I forget the exact title.)

> At this point, anything that can help that problem is worth alot, eve
> n if it has other issues...
All that will happen is that the attackers will switch to exploiting the
other weaknesses.


Received on Wednesday, 7 January 1998 18:03:40 UTC