Phillip M. Hallam-Baker wrote: > > There have been a number of posts to the list that cause me some > concern. In particular there appears to be a possible confusion as to > the cryptographic security of password based systems. Passwords are a > key management issue. The various human factors problems with > passwords are well known but they are convenient and people use them. > > There are cryptographically secure methods of implementing both > symmetric and asymmetric auhentication systems. Asymmetric key offers > more flexibility but at lower performance. Most useful systems involve > a hybrid. S-HTTP uses asymmetric key exchange to establish a shared > secret which can then be used for future transimission. Which is exactly what SSL does. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@netscape.comReceived on Thursday, 25 April 1996 16:34:04 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:11 UTC