The important points were
>Btw -- large password files using anything like this scheme are obsolescent.
>You can't use a hashed password for challenge/response, 
....
>The fundamental problem is that users pick bad passwords and passphrases ...

Yup.  I like S/Key better than the annoying SecurID card I use to
log in to work, or public-key challenge/responses where there's
an intelligent client that can use them.

>> >> b.  Use a unique per-passphrase salt of at least 32 bits.

If you're going to bother with a salt, might as well make it 64 or 128 bits;
increasing storage by 2**32 is fine, but some combination of Moore's law,
holographic storage, tape robots or whatever may catch up with you, 
but if you're doing an iterated-SHA1 or equivalent, you can allow 
long passphrases and still use enough salt to make things unstorable,
forcing the cracker to iterate calculations every time.

>You're arguing with 20-20 hindsight.  16 gig of disk space wasn't even
>comprehensible then.  16 *meg* of disk space sufficed to bring up UNIX.

On the other hand, 16 gig of tape was comprehensible then, if large,
and tape sorting was still common technology - much more annoying with
160MB tapes than Exabytes or whatever the current big tapes are,
but you could sort things into some convenient retrieval order.

>How would I like to do it, given a blank slate?  Most likely, I'd use SHA-1 on
>the user's password, probably concatenated with a salt, to produce a DSA
>private key; the server would store the corresponding public key.  (It's
>harder to pull a trick like that using RSA keys.) 

A while back I did a login protocol based on Diffie-Hellman;
it turned out to be relatively easy (though unfortunately someone from
Siemens had also discovered it and patented it in Germany and then the US :-)
But almost any public-key system can give you a good mechanism for a
challenge/response and set up a shared secret for encrypting or AHing
a login session so it doesn't get hijacked.
                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
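
An added example, not part of the original message: a per-passphrase 128-bit salt with an iterated-SHA1 hash, plus the storage arithmetic behind the point that a large salt makes a precomputed dictionary unstorable. PBKDF2-HMAC-SHA1 stands in for "iterated-SHA1 or equivalent"; the function names, the iteration count and the sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16        # 128-bit salt, the largest size suggested in the post
ITERATIONS = 100_000   # assumed work factor; tune to the server's budget


def make_record(passphrase, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) as it would sit in the password file."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every passphrase
    # PBKDF2-HMAC-SHA1 is one standard iterated-SHA1 construction; it accepts
    # passphrases of any length.
    digest = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify(passphrase, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = make_record(passphrase, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def precomputed_table_bytes(dictionary_size, salt_bits, digest_bytes=20):
    """Storage for one digest per (candidate passphrase, salt value) pair."""
    return dictionary_size * (2 ** salt_bits) * digest_bytes


def guesses_needed(dictionary_size, records):
    """With no usable table, each distinct salt costs a full dictionary pass."""
    return dictionary_size * len({salt for salt, _, _ in records})


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same passphrase.
    alice = make_record("correct horse battery")
    bob = make_record("correct horse battery")
    print("same passphrase, same digest?", alice[2] == bob[2])
    print("verify ok:", verify("correct horse battery", alice))
    for bits in (32, 64, 128):
        size = precomputed_table_bytes(10**6, bits)
        print(f"{bits:3d}-bit salt, 10^6-word dictionary: {size:.3e} bytes")
    print("hash computations for both users:", guesses_needed(10**6, [alice, bob]))
```
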
