RE: Digest mess
Paul Leach (paulle@microsoft.com)
Wed, 7 Jan 1998 17:59:01 -0800
> ----------
> From: jg@pa.dec.com[SMTP:jg@pa.dec.com]
> Sent: Wednesday, January 07, 1998 9:52 AM
> To: Paul Leach
> Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; Scott Lawrence
> Subject: RE: Digest mess
>
>
> While I agree with both Paul and Scott on message integrity, I'd
> like to remind people that the BIG disaster on the Internet
> is password grabbing.
>
Of course. But that's because no one needs to do anything complicated when
something trivial suffices.
> Naive people use the same
> password for many things...
>
(Interesting side note: the SCRAM auth protocol uses a per-server or
per-authentication domain salt to allow safe use of the same password for
many sites. There's an I-D by Chris Newman -- I forget the exact title.)
> At this point, anything that can help that problem is worth a lot, even
> if it has other issues...
>
All that will happen is that the attackers will switch to exploiting the
other weaknesses.
Paul