A recent announcement by Verisign describes a system for strong network
password authentication, with the added twist of using two or more servers,
such that no individual server keeps any crackable password verifiers.
The basic idea seems to be a key-splitting trick, such that when using
N servers, passwords remain uncrackable even when up to N-1 servers
are compromised.
Crackable password files have been around for soooo long that I presume
a lot of people thought they were inevitable.
The posted paper is somewhat open to interpretation, but here's my view
of the problem:
Authenticate a user with an name and password, from a client
to N authentication servers, on which we assume the user
has previously enrolled,
Protect all passwords, even those with little or unknown entropy.
Do it in a way that keeps passwords secure in the face of
brute-force attack with enemy access to N-1 servers.
Do not use any other special hardware,
do not store any user data on the client.
and presume the client software is trustworthy.
Remember: The enemy may be "root". (or an NT equivalent, like "guest" :-)
He knows what you are sending.
He knows what you've enrolled.
He knows when your login is good or bad.
Now this pun is getting old.
It seems reasonable to limit on-line guessing, but don't
try to stop denial-of-service attacks.
Verisign has announced, but not yet disclosed, their work on this problem,
to be described in a paper by Warwick Ford and Burt Kaliski.
<http://www.verisign.com/rsc/wp/roaming/>
Does anyone else know of other work on this problem?
---------------------------------------------------
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
www.IntegritySciences.com
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOT+rTwjcL69H4KeIEQIMuwCeLdIZUuhJMo7MhrAe2etgOnT/PgkAoOP0
P/paoLwwXSQEUUzQ1QCbl3CB
=wo7R
-----END PGP SIGNATURE-----
