Re: Looking for feedback/advice on authentication protocol
From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: 04/12/03
- In reply to: Carlos Moreno: "Looking for feedback/advice on authentication protocol"
From: daw@mozart.cs.berkeley.edu (David Wagner) Date: Sat, 12 Apr 2003 21:15:15 +0000 (UTC)
Oh, boy. Designing your own authentication protocol is risky. I think
it's worth trying hard to avoid this, if you can possibly avoid it.
There are many pitfalls here.

Why not just use SSL, SSH, or Kerberos? Kerberos was designed for exactly
this sort of scenario. Or, you could set up a secure connection between
the client and "login server" using SSL or SSH; then you could set up a
secure connection between the "login server" and real server similarly;
and go from there. SSL and SSH have been well-studied and seem to avoid
the most common pitfalls.

If you really, really want to design your own authentication protocol,
and if security matters, my advice would be to get help from some
experienced security consultant.