Hugo:

We did at one point consider Bellovin-Merritt for shared-key authentication, but we decided that requiring server certification was not a big sacrifice in the contexts we had in mind, and yielded better security and fewer changes to existing infrastructure and code. (For example, Bellovin-Merritt would require clients to monitor for online brute-force attacks on the password.) Of course, if you want to propose an extension allowing for BM-style two-way shared-key-based authentication as an option in TLS, we'd have no objections to its inclusion.

Daniel Simon
Cryptographer, Microsoft Corp.
(dansimon@microsoft.com)

>----------
>From: HUGO@watson.ibm.com[SMTP:HUGO@watson.ibm.com]
>Sent: Wednesday, November 27, 1996 8:24 AM
>To: ietf-tls@w3.org
>Subject: passwords
>
>I've seen a lot of traffic in this list discussing the use of
>passwords, how necessary they are and how insecure, etc. etc.
>I haven't seen any mention of the use of techniques like
>Bellovin-Merritt's for preventing dictionary attacks.
>Certainly, these techniques improve significantly on the
>security of passwords (particularly, low-entropy ones).
>BM solutions and related ones use public key techniques
>which are already available in SSL. Did anyone consider using them?
>Does anyone know of *any* real-world implementation of such
>techniques (not necessarily related to SSL)?
>
>Thanks,
>
>Hugo

Received on Monday, 2 December 1996 14:34:23 UTC
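The two points the exchange above turns on, that a Bellovin-Merritt style exchange stops an eavesdropper from testing password guesses offline, and that the price is having to watch for online guessing instead, can be seen in a small simulation. The code below is an added example written for this page; it is not from the thread, from TLS, or from any real EKE implementation. The toy group (P = 2^127 - 1, G = 5), the SHA-256 pad, the HMAC key-confirmation messages and the lockout threshold are all illustrative assumptions.

```python
"""Toy comparison: a naive password proof vs a Bellovin-Merritt-style DH-EKE.
Added example written for this page; not code from the original thread, from
TLS, or from any real implementation.  The group (P, G), the SHA-256/HMAC
constructions and the message layout are illustrative assumptions."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # Mersenne prime M127: toy-sized, NOT a production group (assumption)
G = 5            # generator choice is an assumption; adequate for the demo
MASK = 2**127 - 1

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def _to_bytes(n):
    return n.to_bytes(16, "big")

# ---- Scheme 1: naive proof-of-password over an eavesdroppable channel -------
def naive_exchange(password):
    """Server sends a nonce; client replies with H(nonce || password)."""
    nonce = secrets.token_bytes(16)
    return nonce, _h(nonce, password.encode())

def naive_offline_attack(transcript, candidates):
    """Eavesdropper checks each guess against the captured proof: fully offline."""
    nonce, proof = transcript
    return [c for c in candidates if _h(nonce, c.encode()) == proof]

# ---- Scheme 2: DH-EKE (Bellovin-Merritt style) ------------------------------
def _pad(password, label):
    """Password-derived 127-bit pad; XOR-encrypts a DH public value."""
    return int.from_bytes(_h(label, password.encode())[:16], "big") & MASK

def eke_exchange(client_pw, server_pw):
    """Run one DH-EKE session; returns (transcript, both_sides_accepted)."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    a_enc = pow(G, x, P) ^ _pad(client_pw, b"client")   # client -> server
    b_enc = pow(G, y, P) ^ _pad(server_pw, b"server")   # server -> client
    # Each side decrypts the peer's value with ITS OWN password and finishes DH.
    k_server = _h(_to_bytes(pow(a_enc ^ _pad(server_pw, b"client"), y, P)))
    k_client = _h(_to_bytes(pow(b_enc ^ _pad(client_pw, b"server"), x, P)))
    tr = _to_bytes(a_enc) + _to_bytes(b_enc)
    conf_c = hmac.new(k_client, b"C" + tr, hashlib.sha256).digest()  # client -> server
    ok_server = hmac.compare_digest(
        conf_c, hmac.new(k_server, b"C" + tr, hashlib.sha256).digest())
    conf_s = hmac.new(k_server, b"S" + tr, hashlib.sha256).digest()  # server -> client
    ok_client = hmac.compare_digest(
        conf_s, hmac.new(k_client, b"S" + tr, hashlib.sha256).digest())
    return (a_enc, b_enc, conf_c, conf_s), ok_server and ok_client

def eke_offline_attack(transcript, candidates):
    """Eavesdropper tries each guess.  Without x or y the session key cannot be
    recomputed, so the only remaining test is whether the decrypted values look
    like group elements, which (almost) every guess passes: no offline narrowing."""
    a_enc, b_enc, _, _ = transcript
    survivors = []
    for c in candidates:
        a = a_enc ^ _pad(c, b"client")
        b = b_enc ^ _pad(c, b"server")
        if 0 < a < P and 0 < b < P:
            survivors.append(c)
    return survivors

class EkeServer:
    """Server that counts failed EKE runs: the online-guess monitoring the
    reply above names as the cost of dropping certificates for passwords."""
    def __init__(self, password, max_failures=3):
        self.password, self.max_failures, self.failures = password, max_failures, 0

    def authenticate(self, client_pw):
        if self.failures >= self.max_failures:
            raise PermissionError("locked out after repeated failed guesses")
        _, ok = eke_exchange(client_pw, self.password)
        self.failures = 0 if ok else self.failures + 1
        return ok

def eke_online_attack(server, candidates):
    """Each guess costs one protocol run and is visible to the server."""
    tried = []
    for c in candidates:
        tried.append(c)
        try:
            if server.authenticate(c):
                return c, tried
        except PermissionError:
            return None, tried
    return None, tried

if __name__ == "__main__":
    cands = ["hunter2", "letmein", "correct horse", "password1", "s3cret"]  # constructed
    print("naive, offline:", naive_offline_attack(naive_exchange("password1"), cands))
    print("EKE, offline  :", eke_offline_attack(eke_exchange("password1", "password1")[0], cands))
    print("EKE, online   :", eke_online_attack(EkeServer("s3cret"), cands))
```

Against the naive proof the captured transcript lets the attacker pick out the one matching candidate with no further interaction; against the EKE transcript every candidate survives, and the attacker is pushed to online guessing, where the server's failure counter is what limits the damage. Two caveats a practitioner should keep in mind: the XOR pad works here only because P is one less than a power of two, so decryption under a wrong password yields a plausible group element (a real EKE must encode public values so that wrong guesses are indistinguishable, or it leaks password bits through a partition attack), and the 127-bit group is far too small for actual use.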