[10276] in bugtraq


Re: Plain text passwords--necessary

daemon@ATHENA.MIT.EDU (Taral)
Tue Apr 20 14:10:17 1999

X-Envelope-From: taral@taral.net
Date: 	Mon, 19 Apr 1999 14:32:00 -0500
Reply-To: Taral <taral@TARAL.NET>
From: Taral <taral@TARAL.NET>
X-To:         Phillip Vandry <vandry@MLINK.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199904191510.LAA03916@Iodine.Mlink.NET>

On Mon, 19 Apr 1999, Phillip Vandry wrote:

> Method  Client     Wire       Server
> ------  ---------  ---------  ---------
> PAP     Clear      Clear      Encrypted
> CHAP    Clear      Encrypted  Clear
>
> And I don't think we can do better than that. We can encrypt at only one
> stage of the process. We have to make a tradeoff.

Not true:

  PK      Clear      Encrypted  Encrypted

PK = public key encryption (yes, some can be used with arbitrary
passwords as private keys)

Taral
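
Added example, not part of the original message: the three rows of the table above modelled in Python, where the thread's "Encrypted" is taken to mean hashed or otherwise not recoverable as cleartext. The PK row is sketched as a Schnorr-style challenge-response with a password-derived private key; the group parameters, function names, salt and KDF settings are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Constructed demo parameters (assumptions, not from the thread).
# Illustrative only: real systems use a vetted group or curve.
P = 2**255 - 19          # prime modulus
G = 2                    # base
N = P - 1                # exponents reduce mod P-1 (Fermat's little theorem)

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

# PAP: server stores only a hash, but the wire carries the clear password.
def pap_enroll(pw): return h(b"pap", pw)
def pap_wire(pw): return pw
def pap_verify(stored, wire):
    return hmac.compare_digest(stored, h(b"pap", wire))

# CHAP: wire carries hash(challenge, secret), so the server needs the clear secret.
def chap_enroll(pw): return pw
def chap_wire(pw, challenge): return h(challenge, pw)
def chap_verify(stored, challenge, wire):
    return hmac.compare_digest(h(challenge, stored), wire)

# PK: the password yields private key x; the server stores only y = G^x mod P.
def pk_private(pw, salt):
    key = hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)
    return int.from_bytes(key, "big") % N

def pk_enroll(pw, salt):
    return pow(G, pk_private(pw, salt), P)

def _c(challenge, r):
    return int.from_bytes(h(challenge, r.to_bytes(32, "big")), "big")

def pk_wire(pw, salt, challenge):
    # Client proves knowledge of x for this challenge without sending x or pw.
    x, k = pk_private(pw, salt), secrets.randbelow(N)
    r = pow(G, k, P)
    return r, (k + _c(challenge, r) * x) % N

def pk_verify(y, challenge, wire):
    # Holds because G^s = G^k * (G^x)^c = r * y^c (mod P).
    r, s = wire
    return pow(G, s, P) == (r * pow(y, _c(challenge, r), P)) % P
```

The stored hash in the PAP row and the stored public key in the PK row can still be tested offline against guessed passwords by anyone who obtains them, which is why the sketch salts and stretches the password before deriving the key.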
