Re: Passwords an security.

Phillip M. Hallam-Baker wrote:
> There have been a number of posts to the list that cause me some
> concern. In particular there appears to be a possible confusion as to
> the cryptographic security of password based systems. Passwords are a
> key management issue. The various human factors problems with
> passwords are well known but they are convenient and people use them.
> There are cryptographically secure methods of implementing both
> symmetric and asymmetric auhentication systems. Asymmetric key offers
> more flexibility but at lower performance. Most useful systems involve
> a hybrid. S-HTTP uses asymmetric key exchange to establish a shared
> secret which can then be used for future transimission.

Which is exactly what SSL does.

Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          |

Received on Thursday, 25 April 1996 16:34:04 UTC