From: frantz@netcom.com (Bill Frantz)
To: minow@apple.com (Martin Minow)
Message Hash: bf0bb47eba2c58c13e91da5b397a834599d3ec37ac075306127a5e548cd454f2
Message ID: <199607031912.MAA08980@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-07-03 23:14:50 UTC
Raw Date: Thu, 4 Jul 1996 07:14:50 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jul 1996 07:14:50 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: SAFE Forum--some comments
Message-ID: <199607031912.MAA08980@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 08:44 PM 7/2/96 -0700, Martin Minow wrote:
>It's not quite that bad. Here are a few (more or less strong) crypto
>products you might not know you have:
>
>1. Every Macintosh made since at least 1988 has a secure authentication
> client module in the AppleShare Chooser dialog. When you use it to
> connect to a remote server, it notes that the user information
> is "two-way scrambled." (The server sends a random number challenge
> that the client uses to encrypt the username and password. The
> encrypted information is sent to the server.) All Macintosh systems
> running System 7 or later have the corresponding server software.
> What is interesting about this is that the encryption is completely
> invisible to the user.
I hear this as the server sends out a key which the client uses to encrypt
the username/password. This algorithm makes less sense than the one I
thought I heard at the SAFE forum on Monday which was:
(1) The server sends out a challenge/salt (different each time)
(2) The client uses a secure hash to compute hash(salt||password) and
returns the username and the hash.
(3) The server computes hash(salt||password) and compares the hashes.
Given that there is still some interest in algorithms and protocols on this
list, can you describe what is really happening?
Thanks - Bill
-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA
Return to July 1996
Return to ““Mark M.” <markm@voicenet.com>”