[4138] in cryptography@c2.net mail archive
RE: strong authentication without strong crypto?
daemon@ATHENA.MIT.EDU (Ivars Suba)
Fri Feb 5 13:19:32 1999
From: Ivars Suba <IvarsS@bank.lv>
To: "'David R. Conrad'" <David_Conrad@isc.org>
Cc: cryptography@c2.net
Date: Fri, 5 Feb 1999 09:07:13 +0200
Hi,
I recommend Strong Password authentication SPEKE
http://world.std.com/~dpj/speke97.html , Secure RPC Autthentication
(SRA)mechanism ftp://net.tamu.edu/pub/security/TAMU, IBM's KryptoKnight
http://www.zurich.ibm.com/Technology/Security/extern/kryptoknight/
With regards,
==============================
Ivars Suba <ivarss@bank.lv>
< -----Original Message-----
< From: Christopher Nielsen [mailto:enkhyl@scient.com]
< Sent: Friday, February 05, 1999 4:24 AM
< To: David R. Conrad
< Cc: cryptography@c2.net
< Subject: Re: strong authentication without strong crypto?
<
<
< On Thu, 4 Feb 1999, Christopher Nielsen wrote:
<
< > On Thu, 4 Feb 1999, David R. Conrad wrote:
< >
< > > Quick question: does anyone know of technology or
< techniques that would
< > > facilitate strong authentication (_not_ encryption) for
< unattended high
< > > volume electronic transactions and does not require
< strong crypto along
< > > the lines of DSA or RSA? Shared secrets are not an option.
< >
< > For authentication only that requires no crypto, try SRP.
< >
< > http://srp.stanford.edu/srp/
<
< Apologies for responding to my own message, but I should
< qualify what I
< said. A subset of SRP requires no crypto. Read the paper for a better
< explanation.
<
< --
< Christopher Nielsen
< Scient: The eBusiness Systems Innovator
< <http://www.scient.com>
< cnielsen@scient.com
<
<
