[Cryptography] secure authentication ... as opposed to passwords
Howard Chu
hyc at symas.com
Mon May 7 16:40:59 EDT 2018
John Denker via cryptography wrote:
> 5) Zero-knowledge authentication. Don't frame
> it as a password problem! Frame it as an
> authentication problem, then do it properly.
> Just as easy to use and in all ways better
> than (3) or (4).
>
> If the server never sees the password, even
> temporarily, then it can't compromise the
> password.
>
> Code to do this sort of thing already exists.
Indeed, plenty of code.
Kerberos ticket-based authentication and X.509 certificate-based
authentication both work without the target server ever seeing a user's password.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
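
The mechanism behind the certificate case named in the reply above, as an added example that is not part of the original post or of any project mentioned in it: the server stores only a public key and checks a signature over a fresh challenge, so no password or other client secret ever reaches it. The `Server` class and the `enrollClient`, `respond` and `demo` names are hypothetical, and a bare Ed25519 key stands in for an X.509 certificate (chain validation is omitted).

```javascript
// Added illustration: signature-based challenge-response, the proof-of-possession
// step underlying certificate authentication. All names here are hypothetical.
const crypto = require('node:crypto');

// Enrollment: the key pair is generated on the client. Only the public key
// is handed to the server (in X.509 it would travel inside a certificate).
function enrollClient() {
  return crypto.generateKeyPairSync('ed25519');
}

class Server {
  constructor() {
    this.publicKeys = new Map(); // user -> public key; no secrets stored
    this.pending = new Map();    // user -> outstanding one-time challenge
  }
  register(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }
  // Issue a fresh random challenge so an old signature cannot be replayed.
  challenge(user) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  // Accept only a valid signature over the challenge issued to this user.
  verify(user, signature) {
    const nonce = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is single use, pass or fail
    if (!nonce || !publicKey) return false;
    return crypto.verify(null, nonce, publicKey, signature);
  }
}

// Client side: the private key signs the challenge and never leaves the client.
function respond(privateKey, nonce) {
  return crypto.sign(null, nonce, privateKey);
}

// Run one login, then replay the captured signature against a new challenge.
function demo() {
  const server = new Server();
  const alice = enrollClient();
  server.register('alice', alice.publicKey);
  const sig = respond(alice.privateKey, server.challenge('alice'));
  const firstLogin = server.verify('alice', sig);
  server.challenge('alice');
  const replay = server.verify('alice', sig);
  return { firstLogin, replay };
}
```

A database dump of this server yields public keys only, and a signature captured on the wire is useless against the next challenge.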