Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!UM.CC.UMICH.EDU!Richard_S._Conto
From: Richard_S._Conto@UM.CC.UMICH.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: Password Security for the UCLA ACP
Message-ID: <1713165@um.cc.umich.edu>
Date: Tue, 13-Jan-87 08:50:32 EST
Article-I.D.: um.1713165
Posted: Tue Jan 13 08:50:32 1987
Date-Received: Tue, 13-Jan-87 19:23:22 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 27
Approved: tcp-ip@sri-nic.arpa

In the message ( Message-Id: <8701121034.aa13795@SEM.BRL.ARPA>) of
Mon, 12 Jan 87, Ron Natalie () suggests:

> ... The only way I can think of
>getting around it is to use a PC or some other semi-smart device as
>the user terminal and encrypt some or all of the authentication information.
>It's really the same idea, except that the terminal has most of the smart
>algorithm in it, the user just has some key.

Is this really 'safe'? If you're really so terribly worried about the
privacy and the secure validation (which I'd like to consider as separate,
though linked issues), then doesn't this end also need to be secure? I can
see specialized hardware possibly being secure, but a program that resides
on a PC can be easily duplicated. In fact, with one person borrowing
another's copy to get some work done quickly, it would soon seem to lose
any real security at all and just become a nuisance.

--- Richard

ARPA    Richard_S._Conto@um.cc.umich.edu
USnail  Richard S. Conto
        Computing Center
        1075 Beal Ave.
        University of Michigan
        Ann Arbor, Mi. 48109

"It's too early in the day to be cute and funny."