As ??? correctly wrote:
>>You can't use a hashed password for challenge/response, ....
>>The fundamental problem is that users pick bad passwords and passphrases ...

Bill Stewart responded:
>Yup.  I like S/Key better than the annoying Se[***]ID card I use to
>log in to work, or public-key challenge/responses where there's
>an intelligent client that can use them.

An intelligent client can do a zero-knowledge password proof,
where nobody gets to crack the password if they don't already know it.
ZKPP is an optimal form of PK C/R password method.

??? wrote:
>>How would I like to do it, given a blank slate?  Most likely, I'd use SHA-1 on
>>the user's password, probably concatenated with a salt, to produce a DSA
>>private key; the server would store the corresponding public key.  (It's
>>harder to pull a trick like that using RSA keys.) 

Why?  If "do it" means "do a password-authenticated key exchange",
at some point you [???] should study the literature.
It sounds like the above protocol would be open to dictionary attacks
on anything signed with the DSA key.

Bill wrote:
>A while back I did a login protocol based on Diffie-Hellman;
>it turned out to be relatively easy (though unfortunately someone from
>Siemens had also discovered it and patented it in Germany and then the US :-)

Fortunately, nowadays, there are a lot of on-line papers to get
started.  I've got a collection of links on the subject at
<http://world.std.com/~dpj/links.html>.

>But almost any public-key system can give you a good mechanism for a
>challenge/response and set up a shared secret for encrypting or AHing
>a login session so it doesn't get hijacked.

Unless I've misread this thread, this seems like dangerous advice.

To correct the problems of CHRAP, you do have to use PK encryption,
but exactly how to apply PK correctly to get a ZKPP is quite subtle.
Discussion of failed attempts as well as successful ones
is also at my site.

---------------------------------------------------
David P. Jablon           [EMAIL PROTECTED]
President                 +1 508 898 9024
Integrity Sciences, Inc.  www.IntegritySciences.com
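
Added illustration, not part of the original message: a sketch of the quoted idea (SHA-1 of salt plus password used as a DSA private key), showing why one observed signature is enough to test password guesses offline, which is the dictionary-attack concern raised above. The toy group parameters, the salt, the candidate passwords and all function names are assumptions constructed for this example.

```python
import hashlib, secrets

# Toy DSA group (assumption: sized for a fast demo, far too small for real use).
Q = 2**61 - 1  # subgroup order, a Mersenne prime
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):  # True when a proves n composite
        x = pow(a, d, n)
        return x != 1 and all(pow(x, 2**i, n) != n - 1 for i in range(s))
    return not any(witness(a) for a in BASES)

K = next(k for k in range(2, 10**5, 2) if is_prime(k * Q + 1))
P = K * Q + 1  # prime modulus with Q dividing P - 1
G = next(g for h in range(2, 50) if (g := pow(h, K, P)) != 1)  # element of order Q

def H(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def private_key(password, salt):  # the quoted idea: SHA-1(salt || password) -> x
    return H(salt + password.encode()) % (Q - 1) + 1

def public_key(password, salt):  # what the server would store
    return pow(G, private_key(password, salt), P)

def sign(x, msg):
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(msg) + x * r) % Q
        if r and s:
            return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def guesses_matching(msg, sig, salt, candidates):
    # No secret is needed here: each guess yields a public key to test offline.
    return [c for c in candidates if verify(public_key(c, salt), msg, sig)]
```

The stored public key is an equally good guess checker on its own, since comparing `public_key(guess, salt)` against it needs no signature at all.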
