Bugtraq mailing list archives

Re: Plain text passwords--necessary

From: dfinkels () SIAC COM (Daniel Alex Finkelstein)
Date: Mon, 19 Apr 1999 18:23:14 -0400


And we could go even further: certificates. The DCE-PKI RFC 68.4 takes
Kerberos to a new level: certificate-granting-certificates. This RFC
specifies the extension of DCE (particularly the Kerberos part) to include
certificate capabilities. I'd provide the URL to the RFC, but it seems to
have vanished from all the usual sites...

On Mon, 19 Apr 1999, Trevor Schroeder wrote:

It seems to me that a lot of this could be avoided using tickets similar to
Kerberos.  We have a trusted third party (TTP) that receives your
credentials once and returns a ticket for a set of services with a given
lifetime.  This ticket is good only within a certain context (certain
services, servers, clients, times, dates, you name it and it can be rolled
into the ticket).  That way if the ticket is compromised, it is of limited
use (versus a full blown password with may be useful in other contexts.)


Daniel Alex Finkelstein
New Technologies
phone   212-383-2951
pager   917-427-1630
fax     212-383-3289
Securities Industry Automation Corporation

Current thread:

bug in ssh allowing to be invissible, (continued)
- - - bug in ssh allowing to be invissible Grzegorz Stelmaszek (Apr 19)
    - Re: bug in ssh allowing to be invissible Pete (Apr 20)
    - Re: bug in ssh allowing to be invissible Joe Gross (Apr 20)
    - NetBSD Security Advisory 1999-009 matthew green (Apr 20)
    - Bash Bug Shadow (Apr 20)
    - Re: Bash Bug Marc Lehmann (Apr 21)
    - Re: Bash Bug Pavel Kankovsky (Apr 22)
    - Re: Bash Bug Chet Ramey (Apr 22)
    - L0pht Security Advisory: Cold Fusion App Server Weld Pond (Apr 21)
    - Re: Plain text passwords--necessary Densin Roy. (Apr 19)
    - Re: Plain text passwords--necessary Daniel Alex Finkelstein (Apr 19)
    - AOL Instant Messenger URL Crash Adam Brown (Apr 19)
    - Re: AOL Instant Messenger URL Crash Daniel Reed (Apr 20)
    - Shopping Carts exposing CC data Joe (Apr 19)
    - Re: Shopping Carts exposing CC data Joe (Apr 20)
    - Outlook 98 allows spoofing internal users Nate Lawson (Apr 20)
    - Re: Outlook 98 allows spoofing internal users Peter van Dijk (Apr 25)
    - Re: Shopping Carts exposing CC data Louis R. Marascio (Apr 20)
    - eBay password stealing with JavaScript Michael K. Sanders (Apr 20)
    - Re: eBay password stealing with JavaScript Paul Festa (Apr 21)
    - Bug in Linux Mount Jacek Konieczny (Apr 20)

(Thread continues...)