I've seen a lot of traffic in this list discussing the use of
passwords, how necessary they are and how insecure, etc. etc.
I haven't seen any mention of the use of techniques like
Bellovin-Merrit's for preventing dictionary attacks.
Certainly, these techniques improve significantly on the
security of passwords (particularly, low-entropy ones).
BM solutions and related ones use public key techniques
which are already available in SSL. Did anyone considered using them?
Does anyone know of *any* real-world implementation of such
techniques (not necessarily  related to SSL)?



Received on Wednesday, 27 November 1996 11:37:09 UTC