Bugtraq mailing list archives

Re: Plain text passwords--necessary


From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Mon, 19 Apr 1999 17:07:28 -0400


In message <199904191510.LAA03916 () Iodine Mlink NET>, Phillip Vandry writes:
First, plain text passwords are being used in places where they need not
be. For example the recent post about the Real Media server storing
plain text passwords. There is no reason for the server to store
plain text passwords. It can store a hash and authenticate users
against the hash.

It's the old PAP versus CHAP debate. *YES*, there is reason for the
realmedia server to store the password in plaintext (although it
should still obfuscate it to prevent accidental viewing). I always
like to compare the types of PPP authentication to show this:

Method  Client     Wire       Server
------  ---------  ---------  ---------
PAP     Clear      Clear      Encrypted
CHAP    Clear      Encrypted  Clear

And I don't think we can do better than that. We can encrypt at only one
stage of the process. We have to make a tradeoff.

It's certainly possible to do better -- there's a whole family of protocols
that do that.  See, for example, http://www.research.att.com/~smb/papers/aeke.ps (or .pdf), which gives
encrypted on the wire and at the server.  (The predecessor paper is
http://www.research.att.com/~smb/papers/neke.ps)  There are related
protocols by others.
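The PAP/CHAP trade-off in the quoted table can be seen directly by simulating both exchanges. The following is an added example, not code from either poster: it enrolls one constructed credential (`alice` / a sample passphrase) under each method, runs the client/server messages, and records what an eavesdropper on the wire versus an attacker holding the server's credential store would obtain. CHAP is simplified here to HMAC-SHA256 over the challenge (real CHAP per RFC 1994 uses MD5 over identifier, secret and challenge); the function names are the example's own.

```python
import hashlib
import hmac
import os

# Constructed sample credential for the demonstration (not from the thread).
USERNAME = "alice"
PASSWORD = "correct horse battery staple"
PBKDF2_ROUNDS = 100_000


# ---- PAP: clear at client, clear on the wire, hashed at the server ----
def pap_enroll(password: str) -> dict:
    """Server stores only a salted PBKDF2 digest; the password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def pap_client_message(password: str) -> bytes:
    """The PAP client sends the password as-is; this is exactly what a sniffer sees."""
    return password.encode()


def pap_server_verify(record: dict, wire: bytes) -> bool:
    """Server re-derives the digest from the received password and compares in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", wire, record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["digest"])


# ---- CHAP: clear at client, challenge/response on the wire, clear at the server ----
def chap_enroll(password: str) -> dict:
    """To recompute the response, the server must keep the cleartext (or reversibly obfuscated) secret."""
    return {"password": password}


def chap_server_challenge() -> bytes:
    """Fresh random challenge per authentication attempt; this is what defeats replay."""
    return os.urandom(16)


def chap_client_response(password: str, challenge: bytes) -> bytes:
    """Client proves knowledge of the password without sending it (HMAC-SHA256 here, MD5 in RFC 1994)."""
    return hmac.new(password.encode(), challenge, "sha256").digest()


def chap_server_verify(record: dict, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the expected response from its stored cleartext secret."""
    expected = hmac.new(record["password"].encode(), challenge, "sha256").digest()
    return hmac.compare_digest(expected, response)


def exposure_summary() -> dict:
    """Run both exchanges once and report what each vantage point learns.

    'wire' is what a passive eavesdropper captured; 'server_store' is what
    a compromise of the server's credential database yields. A value equal
    to PASSWORD means that vantage point recovers the password outright.
    """
    pap_rec = pap_enroll(PASSWORD)
    pap_wire = pap_client_message(PASSWORD)
    pap_ok = pap_server_verify(pap_rec, pap_wire)

    chap_rec = chap_enroll(PASSWORD)
    challenge = chap_server_challenge()
    chap_wire = chap_client_response(PASSWORD, challenge)
    chap_ok = chap_server_verify(chap_rec, challenge, chap_wire)

    return {
        "PAP": {
            "auth_ok": pap_ok,
            "wire": pap_wire.decode(),                     # cleartext password
            "server_store": pap_rec["digest"].hex(),       # salted hash only
        },
        "CHAP": {
            "auth_ok": chap_ok,
            "wire": chap_wire.hex(),                       # response bound to one challenge
            "server_store": chap_rec["password"],          # cleartext password
        },
    }


if __name__ == "__main__":
    for method, view in exposure_summary().items():
        print(method, view)
```

Running it shows the symmetry in the quoted table: the PAP wire capture is the password itself while the PAP store is a salted hash, and the CHAP wire capture is a one-time response while the CHAP store is the password. The replay check in the test (an old response presented against a new challenge fails) is the property that justifies CHAP's cost of keeping the secret recoverable on the server.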
