Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rochester!pt.cs.cmu.edu!sei!sei.cmu.edu!pdb
From: pdb@sei.cmu.edu (Patrick Barron)
Newsgroups: rec.ham-radio.packet,sci.crypt
Subject: Re: passwd security
Message-ID: <1370@aw.sei.cmu.edu>
Date: Wed, 20-May-87 08:44:16 EDT
Article-I.D.: aw.1370
Posted: Wed May 20 08:44:16 1987
Date-Received: Sat, 6-Jun-87 12:02:56 EDT
References: <1012@chinet.UUCP> <1615@Umunhum.STANFORD.EDU> <581@faline.bellcore.com> <3569@osu-eddie.UUCP>
Sender: netnews@sei.cmu.edu
Reply-To: pdb@sei.cmu.edu.UUCP (Pat Barron)
Organization: Carnegie-Mellon University, SEI, Pgh, Pa
Lines: 17
Xref: mnetor rec.ham-radio.packet:374 sci.crypt:439

In article <3569@osu-eddie.UUCP> verber@osu-eddie.UUCP (Mark A. Verber) writes:
>It would seem to me that a public key crypto-system would be perfect
>for this kind of application.  You could query the machine for its
>public key, encrypt your password using that key and then transmit
>your encrypted password.  The machine which you are trying to access
>then decodes your password with its private key and verifies login.

Two problems with this:

1)  You're still encrypting things.  It's illegal to send encrypted messages
    (of any kind) over the Amateur Radio Service.

2)  If the machine only has its private key and a single public key, what's
    to stop the Bad Guy from listening to what my password looks like when
    transmitted back to the system, and just using that?

--Pat.
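
The replay problem raised in point 2 above, as an added example that is not part of the original post: a server that accepts a password encrypted under its fixed public key also accepts the same ciphertext when it is sent a second time, while binding each login to a one-time server nonce makes the captured ciphertext useless. The toy RSA key, the Server class, the password and all function names are assumptions constructed for this sketch.

```python
import hmac
import secrets

# Toy textbook-RSA key, constructed for this demo (unpadded and far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes
N, E = P * Q, 65537                    # public key the server hands out
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the server
NONCE_LEN = 8

def encrypt(data: bytes) -> int:
    """Client side: deterministic encryption under the server's public key."""
    m = int.from_bytes(data, "big")
    if m >= N:
        raise ValueError("message too long for the toy modulus")
    return pow(m, E, N)

def decrypt(c: int) -> bytes:
    """Server side: recover the plaintext bytes with the private key."""
    m = pow(c, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class Server:
    def __init__(self, password: bytes):
        self._password = password
        self._pending = set()          # nonces issued and not yet consumed

    def login_static(self, c: int) -> bool:
        # Scheme from the quoted article: nothing ties c to this session.
        return hmac.compare_digest(decrypt(c), self._password)

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending.add(nonce)
        return nonce

    def login_nonce(self, c: int) -> bool:
        plain = decrypt(c)
        password, nonce = plain[:-NONCE_LEN], plain[-NONCE_LEN:]
        if nonce not in self._pending:
            return False               # unknown or already used nonce: replay
        self._pending.discard(nonce)   # each nonce is good for one attempt
        return hmac.compare_digest(password, self._password)

def demo():
    server = Server(b"hunter2")        # constructed sample password
    heard = encrypt(b"hunter2")        # ciphertext an eavesdropper records
    static_replay = server.login_static(heard)
    nonce = server.challenge()
    bound = encrypt(b"hunter2" + nonce)
    return static_replay, server.login_nonce(bound), server.login_nonce(bound)

if __name__ == "__main__":
    print(demo())
```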