Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt



At 10:09 AM 7/15/00 -0400, rsalz@CaveoSystems.com wrote:
>>Note that in the public key world it is generally recommended to
>>keep private keys protected by multiple layers of security.
>
>But hashes are public.  No matter the content, it is safe to expose
>the hash.
>        /r$

I disagree when the content is an authentication secret.

Like any other algorithm, hashing algorithms (and their
application) are subject to flaws of design and implementation
and we, as users of these algorithms, should take this into
consideration.  If such a flaw were discovered, the secret
would be vulnerable.  As such, additional protections, in my
opinion, are warranted.

If you look at modern systems which use password hashing,
you should find additional layers of protection.

Also, if you look at modern systems which use other
cryptographic algorithms (such as a cipher) to protect
authentication secrets, you will find other layers of
protection.

Kurt