[Cryptography] secure authentication ... as opposed to passwords

Howard Chu hyc at symas.com
Mon May 7 16:40:59 EDT 2018


John Denker via cryptography wrote:
> 5) Zero-knowledge authentication.  Don't frame
>   it as a password problem!  Frame it as an
>   authentication problem, then do it properly.
>   Just as easy to use and in all ways better
>   than (3) or (4).
> 
>   If the server never sees the password, even
>   temporarily, then it can't compromise the
>   password.
> 
>   Code to do this sort of thing already exists.

Indeed, plenty of code.

Kerberos ticket-based authentication and X.509 certificate-based 
authentication both work without the target server ever seeing a user's password.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
