Tuesday 10 February 2004, Jeremy A. Greene wrote:

> Username/pw can be tied to their existing ones (like existing aaa pw
> or through MS domain etc.). And username/pws tend to be easier to
> remember and update. And an MD5 key is not the easiest thing to
> remember or type in. Anyway, it seems that it's a more traditional
> approach that people have already dealt with in one way or another.
> This seems like another thing to deal with.

I see no reason why a one-time username/password (or a pre-existing one, if it is deemed strong enough) cannot be run through a hash function to give you your initial AAAH-MN key. As long as the hash function is the same at both ends, the entropy of the username/password used as input is sufficient, and the method of distributing the username/password is deemed secure enough for the application in hand, you're home free. There's no reason to bother a user with entering a string of hex digits, for instance.

Henrik
Attachment:
pgp00083.pgp
Description: PGP signature
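
The derivation described in the message above, as an added example that is not part of the original thread: both ends run the same credentials through the same function and obtain the same 128-bit key. PBKDF2-HMAC-SHA256 stands in for the unspecified "hash function"; the salt label, iteration count, normalization rules, entropy estimate and sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import string
import unicodedata

KEY_LEN = 16                      # 128-bit key, the size of an MD5-style key (assumption)
ITERATIONS = 200_000              # assumed work factor; must be identical at both ends
LABEL = b"AAAH-MN-initial-key"    # hypothetical domain-separation label


def canonical(username, password):
    """Normalize inputs so the user's device and the AAA server hash identical bytes."""
    user = unicodedata.normalize("NFKC", username).strip().lower()
    pw = unicodedata.normalize("NFKC", password)   # passwords stay case-sensitive
    return user.encode("utf-8"), pw.encode("utf-8")


def derive_key(username, password):
    """Derive the initial shared key; the username salts the derivation."""
    user, pw = canonical(username, password)
    salt = LABEL + b"\x00" + user
    return hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS, dklen=KEY_LEN)


def keys_match(a, b):
    """Constant-time comparison of two derived keys."""
    return hmac.compare_digest(a, b)


def entropy_upper_bound_bits(password):
    """Crude upper bound: length * log2(pool). Human-chosen passwords have far less."""
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in password) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in password) else 0
    pool += 10 if any(c in string.digits for c in password) else 0
    pool += 32 if any(c not in string.ascii_letters + string.digits for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0


def effective_key_bits(password):
    """Hashing cannot add entropy: the key is no stronger than its input."""
    return min(KEY_LEN * 8, entropy_upper_bound_bits(password))


if __name__ == "__main__":
    # Constructed sample credentials, typed slightly differently at each end.
    mobile = derive_key("Alice@Example.org ", "one-time-Pw-7731")
    server = derive_key("alice@example.org", "one-time-Pw-7731")
    print(mobile.hex(), keys_match(mobile, server), effective_key_bits("abcd1234"))
```

The entropy figure is only a ceiling on what the derived key can offer; a short or guessable password yields a key that can be searched offline no matter which hash is used.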