nanogui: Access control
Subject:
Re: Access control
From:
Morten Rolland ####@####.####
Date:
14 Dec 2000 11:47:38 -0000
Message-Id: <3A38B413.E32033A5@screenmedia.no>
Alex Holden wrote:
> Hashed challenge response based access. This has the advantage that an
> implementation of it would be very small, several public domain
> implementations of common hash algorithms such as MD5 exist, and it does
> prevent plaintext passwords from being sent over the wire. It has the
> disadvantage that it's not cryptographically strong.
I'm no crypto expert, as my comment below may quickly reveal...:-)
But, I think a hashed challenge is just as strong as any other
authentication as long as the hash function is good, and the
random number source on the server is "truly" random.
The MD5 is AFAIK not the strongest hash invented, but I'd personally
prefer a 128 bit MD5 hash over a 56 bit DES. When using DES,
you would also need a challenge type of algorithm, using DES
for the "irreversible scrambling".
I don't think the flexibility of public key encryption would be
very usefull in most circumstances, e.g. most often you want a
pool of clients to be able to connect. The process of
distributing the keys/passwords in advance and guarding them
afterwards from compromise would be much the same independent of
the authentication method used.
Public key encryption is also dependant on a good random number
generator.
Regards,
Morten Rolland
