On Wed, 2009-09-23 at 16:44 -0400, Kemp, David P. wrote: > Implementation details aside, protecting clear passwords from DSA > administrators is a legitimate goal, even if TLS is used. And so is > preventing adversaries from collecting clear or unsalted-hashed > passwords for use against other systems, when TLS is not used. > The problem is that the devil is in the detail. The basis of authentication is that the client knows some secret. The problem is verifying that they know that secret in a way that does not require the verifier to know what the secret is, and require that the data which the verifier does hold or the data passed between client and server cannot be used to subvert the verification process. Actually, this is a solved problem. You use something based on an asymmetric (public/private) key pair. The server holds (or obtains) the public key and the client has the private key. That's what strong authentication is about. But the use of passwords is essentially the use of a symmetric key, shared between client and server. ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.