/etc/shadow
Dave Brower
daveb at gonzo.UUCP
Sat Nov 19 17:13:32 AEST 1988
In article <17568 at adm.BRL.MIL> rbj at nav.icst.nbs.gov (Root Boy Jim) writes:
>? From: Doug Gwyn <gwyn at smoke.brl.mil>
>
>? In the above, probably it would be safest to use the encrypted form
>? of a trial password instead of plaintext. It bothers me that some
>? network protocols send unencrypted passwords over the network.
>
>Perhaps I don't understand the problem fully, but it seems to me that
>I could just write a client that sends, say, the login name and the
>encrypted password (which I got from reading the password file) over
>the net and masquerade as a legitimate host. Unless you send the plaintext
>password over the net, you preclude the server from checking the validity
>itself. And you force all encryption algorithms to be the same.

The answer to a large number of these authentication problems is alleged
to be the one-way public key encryption available from RSA. Does
anyone know some of the salient facts about this approach?

* How "secure" is the encryption to common attacks,
  including brute force?
* What does it really cost to license from RSA, and
  what do you get for your license?
* Is anyone actually using it in anything?

-dB
--
"It if was easy, we'd hire people cheaper than you to do it"
{sun,mtxinu,hoptoad}!rtech!gonzo!daveb daveb at gonzo.uucp
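
The objection quoted above, that a client sending the already-encrypted password turns the password-file entry itself into the credential, shown as an added example that is not part of the original post. The `Server` class and the sample account are constructed for illustration, and PBKDF2 stands in for crypt(3) as an assumption; any salted one-way function behaves the same way here.

```python
import hashlib
import hmac
import os

def crypt_standin(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 used as a stand-in for crypt(3).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class Server:
    """Hypothetical login server holding password-file style entries."""

    def __init__(self):
        self.shadow = {}  # user -> (salt, hash)

    def add_user(self, user, password):
        salt = os.urandom(8)
        self.shadow[user] = (salt, crypt_standin(password, salt))

    def login_plaintext(self, user, password):
        # Server hashes whatever arrives, so presenting the stored hash
        # as input just gets hashed again and does not match.
        if user not in self.shadow:
            return False
        salt, stored = self.shadow[user]
        return hmac.compare_digest(crypt_standin(password, salt), stored)

    def login_prehashed(self, user, sent_hash):
        # Client did the hashing; the server can only compare bytes,
        # so the stored hash is now equivalent to the password.
        if user not in self.shadow:
            return False
        _, stored = self.shadow[user]
        return hmac.compare_digest(sent_hash, stored)

def demo():
    srv = Server()
    srv.add_user("alice", "correct horse")   # constructed sample account
    _, file_entry = srv.shadow["alice"]      # what a reader of the file holds
    return {
        "plaintext, real password": srv.login_plaintext("alice", "correct horse"),
        "plaintext, file entry as password": srv.login_plaintext("alice", file_entry.hex()),
        "prehashed, file entry replayed": srv.login_prehashed("alice", file_entry),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Under the prehashed scheme, protecting the password file (the point of /etc/shadow) becomes the only thing standing between a reader of that file and a login.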