At 04:06 PM 06/08/2000 -0400, David Jablon wrote:
>A recent announcement by Verisign describes a system for strong network
>password authentication, with the added twist of using two or more servers,
>such that no individual server keeps any crackable password verifiers. ...
I read the marketing fluff masquerading as a technical description that
they posted on the site. The only thing I'm sure of is that they filed a
patent application for it. They haven't figured out how to embed it in a
product yet. Without more information it's impossible for me to tell if
they've actually constructed something useful.
There was some vagueness about the "verifier of K" value that made me
suspect they've left some conceptual holes unfilled. So we'll have to wait
for a real technical description before we can tell if this is a real
problem solution or an interesting but academic protocol design exercise.
Rick.
[EMAIL PROTECTED]
