On Wed, 2009-09-23 at 16:44 -0400, Kemp, David P. wrote: > David's table indicates that "encrypting" (salted hashing) requires > some knowledge in the DUA for option 2, and I don't claim that > standardizing a method and implementing the standard is trivial. But > in principle the salt would have to be based on either invariant data > about the DSA (e.g. DNS name/port) entered/configured by the user and > needed to connect, or remembered/typed by the user after being > randomly generated by the DUA. Storing it in a DUA-maintained > registry/address book would inhibit user mobility, and storing > user-specific salt on the DSA would require an extra message. If the > connection protocol includes a DSA-to-DUA message before the > DUA-initiated BIND, that message could include a DSA ID from > which salt could be derived. The core problem with this kind of thing is that the salt (or nonce) is fixed. Which means that the same 'encrypted' password is passed in protocol each time, since the value passed in protocol is compared directly with the stored value. So, transport confidentiality needs to be used to protect the value passed, otherwise the same value can be used by an attacker for this server. (If the attacker is the administrator, then they don't even need to capture the protocol, they have access to the credentials required). Also, any salt really should be randomly generated for each password. If you have a fixed value for a server, then two users with the same password would have the same hashed value. regards David ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.