[ RFC Index | RFC Search | Usenet FAQs | Web FAQs | Documents | Cities ]

---

Search the Archives

Display RFC by number

---

RFC 1929: The current system of transferring passwords in cleartext is...

<< Back to: RFC 1929

 
Reader comments:
 

Comment by Joydeep Biswas
Submitted on 12/4/2004
Related RFC: RFC 1929
Rating:	Rate this comment: N/A Worst Weak OK Good Great
The current system of transferring passwords in cleartext is very vulnerable, even in layer 2 switched networks. An alternetive solution for high-security networks would be to use public key encryption.The proxy server could send a public key to the client, and the client could reply with the password encrypted using the public key. To make it more secure, the proxy server could send one of many possible (pre-generated) public keys from its bank. In this case, even if the encrypted password is intercepted, the attacker cannot use it again, unless he/she gets the same public key sent from the proxy.

 
 
FAQS.ORG makes no guarantees as to the accuracy of the posts. Each post is the personal opinion of the poster. These posts are not intended to substitute for medical, tax, legal, investment, accounting, or other professional advice. FAQS.ORG does not endorse any opinion or any product or service mentioned mentioned in these posts.

<< Back to: RFC 1929

---

[ RFC Index | RFC Search | Usenet FAQs | Web FAQs | Documents | Cities ]