Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-lcc!mordor!styx!ames!ucbcad!ucbvax!BRL.ARPA!ron
From: ron@BRL.ARPA (Ron Natalie)
Newsgroups: mod.protocols.tcp-ip
Subject: Re:  Password Security for the UCLA ACP
Message-ID: <8701121034.aa13795@SEM.BRL.ARPA>
Date: Mon, 12-Jan-87 10:34:08 EST
Article-I.D.: SEM.8701121034.aa13795
Posted: Mon Jan 12 10:34:08 1987
Date-Received: Mon, 12-Jan-87 22:37:30 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 10
Approved: tcp-ip@sri-nic.arpa

Of course the problem with this is that the users who are likely to
be using a Unversity Administration system aren't likely to be able
to deal with too hard an algorithm and a Ethernet wiretapper probably
could deduce it over a period of time.  The only way I can think of
getting around it is to use a PC or some other semi-smart device as
the user terminal and encrypt some or all of the authentication information.
It's really the same idea, except that the terminal has most of the smart
algorithm in it, the user just has some key.

-Ron