[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
At 10:09 AM 7/15/00 -0400, rsalz@CaveoSystems.com wrote:
>>Note that in the public key world it is generally recommended to
>>key private keys protected by multiple layers of security.
>
>But hashes are public. No matter the content, it is safe to expose
>the hash.
> /r$
I disagree when the content is an authentication secret.
Like any other algorithm, hashing algorithms (and their
application) are subject to flaws of design and implementation
and we, as users of these algorithms, should take this into
consideration. If such a flaw were discovered, the secret
would be vulnerable. As such, additional protections, in my
option, are warranted.
If you look at modern systems which use password hashing,
you should find additional layers of protection.
Also, if you look at modern systems which use other
cryptographic algorithms (such as a cipher) to protect
authentication secrets, you will find other layers of
protection.
Kurt