W3C home > Mailing lists > Public > ietf-tls@w3.org > October to December 1996

passwords

From: <HUGO@watson.ibm.com>
Date: Wed, 27 Nov 96 11:24:33 EST
Message-Id: <199611271636.LAA479329@mailhub1.watson.ibm.com>
To: ietf-tls@w3.org
I've seen a lot of traffic in this list discussing the use of
passwords, how necessary they are and how insecure, etc. etc.
I haven't seen any mention of the use of techniques like
Bellovin-Merrit's for preventing dictionary attacks.
Certainly, these techniques improve significantly on the
security of passwords (particularly, low-entropy ones).
BM solutions and related ones use public key techniques
which are already available in SSL. Did anyone considered using them?
Does anyone know of *any* real-world implementation of such
techniques (not necessarily  related to SSL)?

Thanks,

Hugo
Received on Wednesday, 27 November 1996 11:37:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC