Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!saturn!riedl@purdue.edu
From: riedl@purdue.edu (John T Riedl)
Newsgroups: comp.os.research
Subject: Re: Non-secure workstations (Was: The NeXT Problem)
Message-ID: <5182@saturn.ucsc.edu>
Date: 19 Oct 88 13:50:56 GMT
Sender: usenet@saturn.ucsc.edu
Organization: Department of Computer Science, Purdue University
Lines: 35
Approved: comp-os-research@jupiter.ucsc.edu

Needham and Schroeder's paper "Using Encryption for Authentication in
Large Networks of Computers" presents algorithms for authenticating
conversations in a possibly hostile distributed environment. I
believe these algorithms form the basis for the Project Athena
Kerberos authentication server.

The model is that each entity has a key, and a single authentication
server knows the keys of all entities. Without going into details,
the basic tricks are 1) use the user's password as a key; 2) include
as part of each encrypted message an additional integer that has never
been used in such a message before (to guard against replays); 3) the
authentication server returns enough (encrypted!) information to the
user that he can identify himself convincingly to his conversation
partner.

In article <5173@saturn.ucsc.edu> fouts@lemming. (Marty Fouts) writes:
>The problem with this is that there is no way to prove that the 'you'
>identifying 'yourself' is really you in the presence of promiscuous
>or tappable transmission media. Since the mid-70s, open literature has
>existed which suggests ways around authentication schemes.
>...
>Anyway, authentication in a hostile network is at best a currently
>unsolved problem, and at worst an unsolvable problem.
>
>Marty

Marty, do you know of specific problems with these techniques? Your
examples of methods that don't work seem naive. At the least, they
aren't a convincing basis for such strong statements about the
impossibility of authentication.

John
--
John Riedl
{ucbvax,decvax,hplabs}!purdue!riedl -or- riedl@cs.purdue.edu
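
An added example, not part of the original post or the paper's own code: the first three messages of the shared-key exchange summarized above (request with a nonce, server reply, ticket handed to the partner), in Python. The cipher is a toy stand-in built from the standard library, the names, passwords and salt are constructed, and the closing challenge-response between the two parties is left out.

```python
import hashlib, hmac, json, os

def derive_key(password):
    # Trick 1: the password is the entity's long-term key (salt is constructed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

def seal(key, obj):
    # Toy authenticated encryption (assumption): SHAKE-256 keystream, then HMAC tag.
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ks = hashlib.shake_256(key + iv).digest(len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return (iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(c ^ k for c, k in zip(ct, ks)))

class AuthServer:
    def __init__(self, passwords):
        # The single server knows the key of every entity.
        self.keys = {name: derive_key(pw) for name, pw in passwords.items()}

    def request(self, a, b, nonce):
        # Trick 3: fresh session key plus a ticket only b can open, all under a's key.
        kab = os.urandom(16).hex()
        ticket = seal(self.keys[b], {"key": kab, "peer": a})
        return seal(self.keys[a], {"nonce": nonce, "peer": b, "key": kab, "ticket": ticket})

def open_reply(password, reply, nonce, peer):
    msg = unseal(derive_key(password), reply)
    # Trick 2: a reply that does not echo this run's never-used nonce is a replay.
    if msg["nonce"] != nonce or msg["peer"] != peer:
        raise ValueError("replayed or misdirected reply")
    return msg["key"], msg["ticket"]

def accept_ticket(password, ticket):
    # The partner learns the session key and who holds it from the ticket alone.
    t = unseal(derive_key(password), ticket)
    return t["key"], t["peer"]

def run_exchange():
    server = AuthServer({"alice": "constructed-pw-a", "bob": "constructed-pw-b"})
    na = os.urandom(8).hex()
    reply = server.request("alice", "bob", na)
    k_a, ticket = open_reply("constructed-pw-a", reply, na, "bob")
    k_b, claimed = accept_ticket("constructed-pw-b", ticket)
    return k_a == k_b, claimed, reply
```

An eavesdropper on a tappable medium sees only sealed blobs; a captured reply fails the nonce check when replayed into a later run, and a wrong password fails the tag check.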