draft-josefsson-password-auth-00.txt
Martin Rex
martin.rex at sap.com
Thu Mar 29 16:28:30 CEST 2007
Nicolas Williams wrote:
>
> > any case, how to salt the password is an open question. Perhaps the
>
> Well, you'd want to salt it with the server's name, so the verifier is
> different at each server. Then again, many sites might object. So you
> might want a two level verifier derivation where the first step is not
> salted with the server name and the second is -- then one could
> distribute the output of the first step as the verifier for all servers
> in a site.
Most challenge-response protocols perform a unidirectional
authentication of the client/initiator to the server/acceptor only,
and for those the authentication scheme usually does not have
a name for the acceptor.
I know that the Kerberos gss-api mechanism is "slightly" broken in
this respect since it requires a target name for gss_init_sec_context
even for unidirectional-only authentication. This requirement
is one of the reasons why in many Kerberos scenarios an end-point
identification similar to what HTTPoverSSL/TLS does is used instead
of a real mutual authentication.
One example for a challenge-repsonse authentication with GSS-API
style token exchange is Microsoft's NTLM SSP. My GSS-API wrapper
for Microsoft's Kerberos SSP also includes a wrapper for Microsoft's
NTLM SSP.
-Martin
More information about the Password-auth
mailing list