On Fri, Apr 16, 1999 at 01:14:59PM -0700, Aleph One wrote: > Lots of replies to this message but they all failed to really answer > the questions raised by the original post. > > Almost everyone responded "we want crypto". Sorry folks, crypto > does not fix the problem for systems where the user wants the > program to authenticate itself in its behalf automatically such > as in the case of retrieving email from a server. The program still > requires to remember the password in plaintext to decrypt the private > key, or worse, must maintain the private key unencrypted. > Perhaps it would be possible to use an authentication agent with which to store user passwords for services so that the user is only prompted once per session (indeed, their login password could maybe suffice). This password is used as the private key to a small db of passwords, which any program can register with. The concept is akin to ssh-agent. Would this be a possible thing - or is their problems with this approach as well? How difficult would it be to implement? Chris -- ---------------------------------------------------------------------- The box said "Windows 95, NT or better" .. so I installed Debian Linux ---------------------------------------------------------------------- Reply with subject 'request key' for PGP public key. KeyID 0xA9E087D5
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:12 PDT