RE: Password Authentication

> From: Dan Simon <>
> Date: Thu, 25 Apr 1996 13:42:41 -0700
> On the other hand, if we incorporate password authentication into the
> protocol, then we can protect those passwords by basing the
> challenge-response protocol on both the password and the
> automatically-strong MAC key exchanged during the handshake.  This will
> protect the password from offline attacks, making even a poorly chosen
> password a useful security tool (assuming that it's kept secret, and
> that the server doesn't permit unlimited online trial-and-error
> attacks).

OK, the following is just a request for information; a reality check
for myself to see if I'm missing something fundamental here.  I have
the uncomfortable feeling that we are talking past one another rather
than communicating.

Consider the following thought experiment:

* PCT 2.0 protocol, using password authentication, where the password
  can be only a 4 digit number (10,000 possibilities), and no
  public/private key pairs at the two endpoints

* 2 Princeton students with a copy of a PCT session sniffed off
  the wire (no active attacks allowed)

Can they, or can they not break the session in a minute or so by
exhausting over the password space?

Received on Thursday, 25 April 1996 17:36:18 UTC