Network Security: Private Communication in a Public World, Second Edition

12. Strong Password Protocols

12.1. Introduction

Suppose a user, Alice, wants to use any workstation to log into a server, Bob. Assume she has nothing but a password with which to authenticate herself. Assume the workstation has no user-specific configuration, such as the user's trusted CAs, or the user's private key. Also assume that the software on the workstation is trustworthy. There are various ways Alice might use a password to authenticate herself to server Bob:

Transmit it over the wire, in the clear. This leaves Alice's password vulnerable to discovery by an eavesdropper, or someone impersonating Bob.
Do an anonymous Diffie-Hellman exchange to establish a secret key and an encrypted tunnel, and send the password over that encrypted ...

Get Network Security: Private Communication in a Public World, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Security: Private Communication in a Public World, Second Edition by Mike Speciner, Radia Perlman, Charlie Kaufman

12. Strong Password Protocols

12.1. Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly