passwords from HUGO@watson.ibm.com on 1996-11-27 (ietf-tls@w3.org from October to December 1996)

From: <HUGO@watson.ibm.com>
Date: Wed, 27 Nov 96 11:24:33 EST
To: ietf-tls@w3.org
Message-Id: <199611271636.LAA479329@mailhub1.watson.ibm.com>

I've seen a lot of traffic in this list discussing the use of
passwords, how necessary they are and how insecure, etc. etc.
I haven't seen any mention of the use of techniques like
Bellovin-Merrit's for preventing dictionary attacks.
Certainly, these techniques improve significantly on the
security of passwords (particularly, low-entropy ones).
BM solutions and related ones use public key techniques
which are already available in SSL. Did anyone considered using them?
Does anyone know of *any* real-world implementation of such
techniques (not necessarily  related to SSL)?

Thanks,

Hugo

Received on Wednesday, 27 November 1996 11:37:09 UTC