Re: Plain text password for Microsoft (icwip.dun)

From: Ron DuFresne (dufresneat_private)
Date: Tue Jul 09 2002 - 20:47:12 PDT

    On Tue, 9 Jul 2002, Roland Postle wrote:
    
    > > > Recommendations
    > > > ---------------
    > > > Store passwords in an encrypted form
    > >
    > > How are you gonna accomplish this since the password has to go 'over the
    > > wire' in plaintext? To be able to authenticate with the password you need
    > > to be able to decrypt it.. right?
    >
    > 'Storing' the password in encrypted form would be quite easy to accomplish,
    > and it would at least stop the casual snooper. You could argue that the same
    > passwords /are/ encrypted when they're put in the registry, so why not in
    > .ins files too? It increases the security a tad.
    >
    > Anyway, for a complete solution I think we should wait for... Palladium and
    > TCPA-based modems.
    
    The question with Palladium is twofold, how quickly it can be brought to
    market, and then how quickly folks are going to want to upgrade HW.
    Therefore the initial spread, if it gains acceptance at all, will be with
    first time PC buyers most likely when/if it comes to market.
    
    Somehow it rings here inline with the old try at the crypto chips a few
    years back, I forget at present the term used for that fiasco.  Though
    claims have been made Palladium will not make it capable to build in a
    backdoor for the gov to decrypt, one has to wonder how "impossible" this
    would truly be.  I'm sure the crypto folks might have better insights to
    this...
    
    Thanks,
    
    
    Ron DuFresne
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
    	***testing, only testing, and damn good at it too!***
    
    OK, so you're a Ph.D.  Just don't touch anything.
    



    This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 11:42:37 PDT