Re: l2tp as ipsra solution
On Wed, 14 Jun 2000, Daniel Fox wrote:
> It's worse than that. There are some authentication mechanisms (PAP
> with /etc/passwd) that do not store the cleartext password (the pre-shared
> secret) on the server, but a one-way hash encryption. Therefore,
> there are some legacy secrets that cannot be downloaded...
That problem can be circumvented by thinking of the situation differently:
the shared secret is the output of the one-way encryption, not the
original password. (This does assume that the one-way-encryption output
really has been kept secret -- as opposed to trusting entirely in the
one-way encryption to preserve secrecy -- but that's normal these days...)
Henry Spencer
henry@xxxxxxxxxxxxx
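
Added example, not part of the original message: a sketch of treating the stored one-way output as the pre-shared secret, so the server never needs the cleartext password. The PBKDF2 stand-in for the server's one-way function, the HMAC challenge-response, the function names and the sample salt and passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def one_way(password: str, salt: bytes) -> bytes:
    """Stand-in for the server's one-way password function (assumption:
    PBKDF2-SHA256 here, not whatever a real /etc/passwd entry uses)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def respond(shared_secret: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of the shared secret without sending it."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


def server_verify(stored_hash: bytes, challenge: bytes, response: bytes) -> bool:
    """The server holds only the stored hash and uses it as the key."""
    return hmac.compare_digest(respond(stored_hash, challenge), response)


def client_login(password: str, salt: bytes, challenge: bytes) -> bytes:
    """The client rebuilds the same secret from the typed password and salt."""
    return respond(one_way(password, salt), challenge)


def demo() -> dict:
    salt = b"constructed-salt"                # constructed sample value
    stored = one_way("correct horse", salt)   # what the legacy database holds
    challenge = os.urandom(16)                # fresh per login attempt
    return {
        "good_password": server_verify(
            stored, challenge, client_login("correct horse", salt, challenge)),
        "bad_password": server_verify(
            stored, challenge, client_login("wrong", salt, challenge)),
        # The caveat in the reply: the stored hash is now the secret itself,
        # so a copy of it answers the challenge without the password.
        "hash_alone_suffices": server_verify(
            stored, challenge, respond(stored, challenge)),
    }


if __name__ == "__main__":
    print(demo())
```

The third result is why the hash file has to be protected like a key file once it is used this way: the one-way function no longer adds any protection against someone who has read it.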