Bugtraq mailing list archives

Re: Plain text passwords--necessary

From: taral () TARAL NET (Taral)
Date: Mon, 19 Apr 1999 14:32:00 -0500


On Mon, 19 Apr 1999, Phillip Vandry wrote:

Method  Client     Wire       Server
------  ---------  ---------  ---------
PAP     Clear      Clear      Encrypted
CHAP    Clear      Encrypted  Clear

And I don't think we can do better than that. We can encrypt at only one
stage of the process. We have to make a tradeoff.


Not true:

  PK      Clear      Encrypted  Encrypted

PK = public key encryption (yes, some can be used with arbitrary
passwords as private keys)

Taral

Current thread:

Re: Plain text passwords--necessary Francisco M. Marzoa Alonso (Apr 16)
- <Possible follow-ups>
- Re: Plain text passwords--necessary Aleph One (Apr 16)
  - Re: Plain text passwords--necessary Phillip Vandry (Apr 19)
    - Corrected Linux 2.2.5 FIN/NULL/XMAS block patch Taral (Apr 19)
    - Re: Corrected Linux 2.2.5 FIN/NULL/XMAS block patch Taral (Apr 20)
    - Re: Plain text passwords--necessary Taral (Apr 19)
  - Re: Plain text passwords--necessary Trevor Schroeder (Apr 19)
    - bug in ssh allowing to be invissible Grzegorz Stelmaszek (Apr 19)
    - Re: bug in ssh allowing to be invissible Pete (Apr 20)
    - Re: bug in ssh allowing to be invissible Joe Gross (Apr 20)
    - NetBSD Security Advisory 1999-009 matthew green (Apr 20)
    - Bash Bug Shadow (Apr 20)
    - Re: Bash Bug Marc Lehmann (Apr 21)
    - Re: Bash Bug Pavel Kankovsky (Apr 22)
    - Re: Bash Bug Chet Ramey (Apr 22)
    - L0pht Security Advisory: Cold Fusion App Server Weld Pond (Apr 21)

(Thread continues...)