> ----------
> From: jg@pa.dec.com[SMTP:jg@pa.dec.com]
> Sent: Wednesday, January 07, 1998 9:52 AM
> To: Paul Leach
> Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; Scott Lawrence
> Subject: RE: Digest mess
>
>
> While I agree with both Paul and Scott on message integrity, I'd
> like to remind people that the BIG disaster on the Internet
> is password grabbing.
>
Of course. But that's because no one needs to do anything complicated
when something trivial suffices.

> Naive people use the same
> password for many things...
>
(Interesting side note: the SCRAM auth protocol uses a per-server or
per-authentication domain salt to allow safe use of the same password
for many sites. There's an I-D by Chris Newman -- I forget the exact
title.)

> At this point, anything that can help that problem is worth a lot, even
> if it has other issues...
>
All that will happen is that the attackers will switch to exploiting the
other weaknesses.

Paul

Received on Wednesday, 7 January 1998 18:03:40 UTC