RE: passwords

Hugo:  We did at one point consider Bellovin-Merritt for shared-key
authentication, but we decided that requiring server certification was
not a big sacrifice in the contexts we had in mind, and yielded better
security and fewer changes to existing infrastructure and code.  (For
example, Bellovin-Merritt would require clients to monitor for online
brute-force attacks on the password.)  Of course, if you want to propose
an extension allowing for BM-style two-way shared-key-based
authentication as an option in TLS, we'd have no objections to its

				Daniel Simon
				Cryptographer, Microsoft Corp.

>Sent: 	Wednesday, November 27, 1996 8:24 AM
>Subject: 	passwords
>I've seen a lot of traffic in this list discussing the use of
>passwords, how necessary they are and how insecure, etc. etc.
>I haven't seen any mention of the use of techniques like
>Bellovin-Merrit's for preventing dictionary attacks.
>Certainly, these techniques improve significantly on the
>security of passwords (particularly, low-entropy ones).
>BM solutions and related ones use public key techniques
>which are already available in SSL. Did anyone considered using them?
>Does anyone know of *any* real-world implementation of such
>techniques (not necessarily  related to SSL)?

Received on Monday, 2 December 1996 14:34:23 UTC