Passwords an security.

There have been a number of posts to the list that cause me some
concern. In particular there appears to be a possible confusion as to
the cryptographic security of password based systems. Passwords are a
key management issue. The various human factors problems with passwords
are well known but they are convenient and people use them.

There are cryptographically secure methods of implementing both
symmetric and asymmetric auhentication systems. Asymmetric key offers
more flexibility but at lower performance. Most useful systems involve a
hybrid. S-HTTP uses asymmetric key exchange to establish a shared secret
which can then be used for future transimission.

	Phill Hallam-Baker

Received on Thursday, 25 April 1996 14:38:43 UTC