- From: David P. Kemp <dpkemp@missi.ncsc.mil>
- Date: Thu, 25 Apr 1996 17:36:08 -0400
- To: ietf-tls@w3.org

> From: Dan Simon <dansimon@microsoft.com>
> Date: Thu, 25 Apr 1996 13:42:41 -0700
>
> On the other hand, if we incorporate password authentication into the
> protocol, then we can protect those passwords by basing the
> challenge-response protocol on both the password and the
> automatically-strong MAC key exchanged during the handshake. This will
> protect the password from offline attacks, making even a poorly chosen
> password a useful security tool (assuming that it's kept secret, and
> that the server doesn't permit unlimited online trial-and-error
> attacks).

OK, the following is just a request for information; a reality check for myself to see if I'm missing something fundamental here. I have the uncomfortable feeling that we are talking past one another rather than communicating.

Consider the following thought experiment:

* PCT 2.0 protocol, using password authentication, where the password can be only a 4 digit number (10,000 possibilities), and no public/private key pairs at the two endpoints
* 2 Princeton students with a copy of a PCT session sniffed off the wire (no active attacks allowed)

Can they, or can they not break the session in a minute or so by exhausting over the password space?

Received on Thursday, 25 April 1996 17:36:18 UTC
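
The following is an added example, not part of the original message and not the PCT 2.0 protocol: a simplified model of the two cases the thread contrasts, a challenge-response keyed by the 4-digit password alone versus one keyed by the password mixed with a handshake MAC key. The HMAC-SHA256 construction, function names and sample PIN are assumptions; the second model simply assumes the eavesdropper does not know the MAC key and does not model how the handshake would achieve that.

```python
import hashlib
import hmac
import secrets

# The 4-digit password space from the thought experiment (10,000 values).
PIN_SPACE = [f"{n:04d}" for n in range(10_000)]

def response(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response value: HMAC of the challenge under `key`."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def password_only_key(pin: str) -> bytes:
    # Model A (assumed): the response key depends on the password alone.
    return hashlib.sha256(pin.encode()).digest()

def bound_key(pin: str, mac_key: bytes) -> bytes:
    # Model B (assumed): the response key mixes the password with the
    # handshake MAC key, which the eavesdropper is assumed not to know.
    return hmac.new(mac_key, pin.encode(), hashlib.sha256).digest()

def offline_search(challenge: bytes, observed: bytes, derive) -> list:
    """Return every PIN whose derived key reproduces the observed response."""
    return [pin for pin in PIN_SPACE
            if hmac.compare_digest(response(derive(pin), challenge), observed)]

def run_experiment(pin: str = "4821"):  # constructed sample PIN
    challenge = secrets.token_bytes(16)  # sent in the clear
    mac_key = secrets.token_bytes(16)    # held by the two endpoints only

    # What a passive eavesdropper records on the wire in each model.
    seen_a = response(password_only_key(pin), challenge)
    seen_b = response(bound_key(pin, mac_key), challenge)

    # Model A: each guess can be checked against the recorded transcript.
    found_a = offline_search(challenge, seen_a, password_only_key)

    # Model B: lacking mac_key, the eavesdropper must guess a key too,
    # so no PIN guess can be confirmed from the transcript.
    guessed_key = secrets.token_bytes(16)
    found_b = offline_search(challenge, seen_b,
                             lambda p: bound_key(p, guessed_key))
    return found_a, found_b

if __name__ == "__main__":
    a, b = run_experiment()
    print("password-only transcript, confirmed PINs:", a)
    print("MAC-key-bound transcript, confirmed PINs:", b)
```
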