[4133] in cryptography@c2.net mail archive
Re: strong authentication without strong crypto?
daemon@ATHENA.MIT.EDU (Christopher Nielsen)
Fri Feb 5 00:03:34 1999
Date: Thu, 4 Feb 1999 18:23:49 -0800 (PST)
From: Christopher Nielsen <enkhyl@scient.com>
Reply-To: Christopher Nielsen <cnielsen@pobox.com>
To: "David R. Conrad" <David_Conrad@isc.org>
Cc: cryptography@c2.net
In-Reply-To: <Pine.BSF.4.05.9902041817090.396-100000@ender.sf.scient.com>
On Thu, 4 Feb 1999, Christopher Nielsen wrote:
> On Thu, 4 Feb 1999, David R. Conrad wrote:
>
> > Quick question: does anyone know of technology or techniques that would
> > facilitate strong authentication (_not_ encryption) for unattended high
> > volume electronic transactions and does not require strong crypto along
> > the lines of DSA or RSA? Shared secrets are not an option.
>
> For authentication only that requires no crypto, try SRP.
>
> http://srp.stanford.edu/srp/
Apologies for responding to my own message, but I should qualify what I
said. A subset of SRP requires no crypto. Read the paper for a better
explanation.
--
Christopher Nielsen
Scient: The eBusiness Systems Innovator
<http://www.scient.com>
cnielsen@scient.com
