Re: [Cfrg] ´ð¸´: Re: ´ð¸´: Re: [saag] New draft: Ha shed Password Exchange

"Henry B. Hotz" <hotz@jpl.nasa.gov> Mon, 06 February 2012 23:30 UTC

Return-Path: <hotz@jpl.nasa.gov>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1896511E80B8; Mon, 6 Feb 2012 15:30:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.449
X-Spam-Level:
X-Spam-Status: No, score=-6.449 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8LaRIM2F8i1z; Mon, 6 Feb 2012 15:30:46 -0800 (PST)
Received: from mail.jpl.nasa.gov (mailhost.jpl.nasa.gov [128.149.139.106]) by ietfa.amsl.com (Postfix) with ESMTP id 9D37711E80B4; Mon, 6 Feb 2012 15:30:46 -0800 (PST)
Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) (authenticated (0 bits)) by smtp.jpl.nasa.gov (Switch-3.4.3/Switch-3.4.3) with ESMTP id q16NUcRt004415 (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits) verified NO); Mon, 6 Feb 2012 15:30:39 -0800
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <9E8EB80F-5D1E-4C68-8D52-4B2432DBF15D@cs.columbia.edu>
Date: Mon, 6 Feb 2012 15:30:38 -0800
Content-Transfer-Encoding: 7bit
Message-Id: <09A8326E-89A7-4CE7-89AD-A8078995485F@jpl.nasa.gov>
References: <OF4B334631.C715AF00-ON48257998.0007373A-48257998.00078BA6@zte.com.cn> <e598972c439562298e33614b230b1896.squirrel@www.trepanning.net> <9E8EB80F-5D1E-4C68-8D52-4B2432DBF15D@cs.columbia.edu>
To: Steven Bellovin <smb@cs.columbia.edu>
X-Mailer: Apple Mail (2.1084)
X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44]
X-Source-Sender: hotz@jpl.nasa.gov
X-AUTH: Authorized
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "cfrg-bounces@irtf.org" <cfrg-bounces@irtf.org>
Subject: Re: [Cfrg] =?iso-8859-1?q?=B4=F0=B8=B4=3A_Re=3A__=B4=F0=B8=B4=3A_Re?= =?iso-8859-1?q?=3A__=5Bsaag=5D_New_draft=3A_Ha__shed_Password_Exchange?=
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 23:30:47 -0000

On Feb 2, 2012, at 3:38 PM, Steven Bellovin wrote:

> "In a world of smart cards, hand-held authenticators, and zero-
> knowledge proofs, it seems pointless to be worrying about poorly-
> chosen passwords.  Were the world like that, we might agree.  Today,
> it is not."  Mike Merritt and I wrote that about 20 years ago, in
> the original EKE paper.  Fortunately, passwords are no longer in use,
> since they've been replaced by better technology, right?  Oh, wait.

;-)

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu