Re: Shared Secret Authentication

> From: "David P. Jablon" <>
> Earlier threads on this list seem to have focused debate on
> weak methods for password/passphrase/shared-secret authentication.
> Methods that are immune to unconstrained dictionary attack
> have been around since 1992, from Bellovin & Merritt's EKE family
> of protocols, to the SPEKE method developed by myself.
> I find it curious that the debate has settled down upon
> demonstrably weaker alternatives, as in the current drafts.
> I would suggest that the passauth-00.txt "Addition of
> Shared Key Authentication" document be modified to use
> strong password authentication.  Presenting weak password
> authentication as an alternative to strong public-key
> methods seems sloppy.
> ------------------------------------
> David P. Jablon
> Integrity Sciences, Inc.
> Westboro, MA
> Tel: +1 508 898 9024
> E-mail:

I believe that the earlier thread contained implications that the
Bellovin & Merritt technique might be encumbered by intellectual
property restrictions.

Is the SPEKE method covered by any patents, B-M, your own, or others?

The One-Time-Password working group made it's distaste for encumbered
technology "patently" clear (sorry :-) at the December IETF - choosing
to reject both a method patented by Bull and an alternative patented by

The TLS working group also expressed concern about using patented
compression technology from Hi-Fn (Stac), although it may be possible
to implement the proposed compression method in a non-infringing way.

If SPEKE is both demonstrably stronger than Dan Simon's proposal
*and* unencumbered, then by all means submit a draft for our consideration.
If it is not, it will probably fall pretty low on the priority list of
work items.

Received on Friday, 7 February 1997 09:20:08 UTC