
Re: Raising the level ... was RE: Authentication Mechanism Matrix



A retraction ...

At 10:42 PM 6/21/00 -0700, CHINNA N.R. PELLACURU wrote:
>> If your secret is "HRW#54", then the amount of security you can achieve
>> using a protocol like PIC, can be achieved within the context of IKE as it
>> exists today, and thus there is no real value to having another protocol
>> like PIC.

At 08:13 AM 6/22/00 -0400, I, David Jablon wrote:
>Since, as you seem to say, neither provides any security against a 25-to-30-bit
>off-line attack on a 25-to-30-bit password, I would tend to agree.

Oops.  Regardless of what Chinna meant to say, and what I meant to say,
both of the above are wrong.

Providing a means to secure the channel with server authentication
is one way to prevent an off-line brute-force attack on a password that
IKE as-is does not solve.  I just don't think it's the best way, since it can
introduce further unnecessary reliance on "proper" user behavior.

I'm wary of systems that depend on attentive users, who are supposed
to authenticate servers, but don't.

It's basically the same reason why I'm wary of counting on users to
follow "proper" password selection methods.

Zero-knowledge password systems get rid of the dependency on
server pre-authentication by solving the off-line password cracking
problem regardless of how the connection is made.

---------------------------------------------------
David P. Jablon
Integrity Sciences, Inc.
dpj@xxxxxxxxxxxxxxxxxxxxx
www.IntegritySciences.com
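As an added illustration (not part of the original message, and not Integrity Sciences' code), the following Python contrasts the two situations the mail describes. In the first, a keyed-hash password proof crosses a channel whose server the user never verified, so an impostor who answered the connection holds a transcript and can test dictionary guesses off-line at CPU speed. In the second, a SPEKE exchange, the password only selects the Diffie-Hellman generator g = H(pw)^2 mod p: an impostor must commit to one guess per connection and learns only "wrong" when key confirmation fails, and a passive observer has no equation in which to plug a guess. The group is the 1024-bit MODP prime from RFC 2409; the hash layout, the confirmation labels, and the dictionary are constructed for this example.

```python
"""Constructed demo: off-line cracking over an unauthenticated channel versus SPEKE."""
import hashlib
import hmac
import secrets
from typing import Iterable, List, Optional, Tuple

# 1024-bit MODP group from RFC 2409 ("Second Oakley Group"): a safe prime, q = (p-1)/2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
NBYTES = (P.bit_length() + 7) // 8


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts (hash convention chosen for this demo)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


# ---- Protocol A: keyed-hash password proof over a channel the user never authenticated.
def naive_proof(password: str, nonce: bytes) -> bytes:
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


def offline_crack(nonce: bytes, proof: bytes, dictionary: Iterable[str]) -> Optional[str]:
    """Impostor's side: every guess is verified locally against the captured proof."""
    for guess in dictionary:
        if hmac.compare_digest(naive_proof(guess, nonce), proof):
            return guess
    return None


# ---- Protocol B: SPEKE. The password picks the generator g = H(pw)^2 mod p, which lands
# ---- in the prime-order subgroup of the safe prime; the rest is Diffie-Hellman.
def speke_generator(password: str) -> int:
    return pow(int.from_bytes(H(password.encode()), "big"), 2, P)


class SpekeParty:
    def __init__(self, password: str):
        self.g = speke_generator(password)
        self.x = secrets.randbelow(Q - 2) + 2          # private exponent in [2, q-1]
        self.pub = pow(self.g, self.x, P)

    def key(self, peer_pub: int) -> bytes:
        # Reject degenerate and small-subgroup values before using the peer's value.
        if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
            raise ValueError("peer value not in the prime-order subgroup")
        shared = pow(peer_pub, self.x, P)
        return H(b"SPEKE-key", shared.to_bytes(NBYTES, "big"))


def confirm(key: bytes, label: bytes, pub_a: int, pub_b: int) -> bytes:
    """Key-confirmation tag (labels are this demo's choice, not a standard encoding)."""
    msg = label + pub_a.to_bytes(NBYTES, "big") + pub_b.to_bytes(NBYTES, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def speke_run(client_pw: str, server_pw: str) -> Tuple[bool, int]:
    """One connection; the 'server' may be an impostor holding a guessed password.
    Returns (client accepted the server's confirmation, client's public value)."""
    client, server = SpekeParty(client_pw), SpekeParty(server_pw)
    k_client = client.key(server.pub)
    k_server = server.key(client.pub)
    server_tag = confirm(k_server, b"server", server.pub, client.pub)
    accepted = hmac.compare_digest(server_tag, confirm(k_client, b"server", server.pub, client.pub))
    return accepted, client.pub


def offline_eliminate(client_pub: int, dictionary: Iterable[str]) -> List[str]:
    """Observer's side for SPEKE: the only structural check a captured g^x admits is
    subgroup membership, which every candidate generator passes, so nothing is ruled out."""
    return [guess for guess in dictionary
            if pow(client_pub, Q, P) != 1 or pow(speke_generator(guess), Q, P) != 1]


if __name__ == "__main__":
    DICTIONARY = ["password", "letmein", "HRW#54", "qwerty"]   # constructed word list
    nonce = secrets.token_bytes(16)
    print("Protocol A, cracked off-line:", offline_crack(nonce, naive_proof("HRW#54", nonce), DICTIONARY))
    ok, pub = speke_run("HRW#54", "HRW#54")
    print("SPEKE, genuine server accepted:", ok, "| guesses eliminated off-line:", offline_eliminate(pub, DICTIONARY))
    print("SPEKE, impostor guessing 'letmein' accepted:", speke_run("HRW#54", "letmein")[0])
```

Running it shows the asymmetry the mail is about: the impostor recovers "HRW#54" from the first transcript without ever contacting the real server, while against SPEKE each wrong guess costs a failed connection the user can notice, and the captured value eliminates no candidate.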