Re: Encryption (was: Re: netatalk.com)


Subject: Re: Encryption (was: Re: netatalk.com)
From: Steve Freitas (sflist@ihonk.com)
Date: Tue Aug 01 2000 - 20:23:30 EDT


>This isn't possible with rand*num encryption, that's the reason DHX was
>created. The randnums use a 1-way hash of the password for authentication,
>and the server can't validate the hash unless it has the original
>cleartext password on disk. Thus the .passwd file.

Thanks for the explanation. I retract my request. :-)

>Here's a deeper problem: DHX appears to be inferior to rand2num because
>with rand2num, the authentication handshake doesn't succeed until the
>server can prove to the client that it knows the user's password too.
>This prevents a rogue server from impersonating a real server. DHX
>doesn't appear to do this, so the security level is more like randnum,
>which doesn't verify the server's identity. Am I missing something?

Hmm, I'm tired of constantly chasing the next authentication scheme. Is
there another one out there that solves all of these problems?
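
The difference the quoted text draws between one-way and two-way random-number authentication, as an added example that is not part of the original message or of netatalk's code. It uses HMAC-SHA256 as a stand-in for the real UAM's keyed transform and a simplified message order; all class and function names, the user name and the password are constructed.

```python
import hashlib
import hmac
import secrets

def keyed_response(password: bytes, challenge: bytes) -> bytes:
    # Stand-in (assumption) for the UAM's keyed transform of the random number.
    return hmac.new(password, challenge, hashlib.sha256).digest()

class RealServer:
    def __init__(self, passwd):
        # user -> cleartext password: the server cannot recompute the
        # expected response without it, hence the .passwd file.
        self.passwd = passwd

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(8)
        return self.nonce

    def check_client(self, user, response) -> bool:
        expected = keyed_response(self.passwd[user], self.nonce)
        return hmac.compare_digest(expected, response)

    def prove(self, user, client_nonce) -> bytes:
        # Second direction: answer the client's own random number.
        return keyed_response(self.passwd[user], client_nonce)

class RogueServer(RealServer):
    """Impersonator with no password file: accepts anyone, guesses proofs."""
    def __init__(self):
        super().__init__({})

    def check_client(self, user, response) -> bool:
        return True

    def prove(self, user, client_nonce) -> bytes:
        return secrets.token_bytes(32)

def one_way_login(server, user, password) -> bool:
    # Only the client proves knowledge of the password.
    response = keyed_response(password, server.challenge())
    return server.check_client(user, response)

def two_way_login(server, user, password) -> bool:
    # The client also challenges the server and checks its answer.
    if not one_way_login(server, user, password):
        return False
    client_nonce = secrets.token_bytes(8)
    proof = server.prove(user, client_nonce)
    return hmac.compare_digest(proof, keyed_response(password, client_nonce))
```

With the one-way exchange the client treats a rogue server's "accepted" as a successful login; with the two-way exchange the login fails because the rogue server cannot answer the client's challenge.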



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:47 EST