Re: Minimal Authorization

Stephen D Crocker (crocker@tis.com)
Sat, 13 Aug 1994 21:38:03 +0200

Brian, et al.,

The essence of your argument is that nothing serious will happen if
the password is stolen. If so, then it's basically unimportant to
have a password in the first place; just use names without any
protection at all.

Once you go to the trouble of having state information specific to the
user maintained on the server, i.e. a secret shared between the user
and the server, you've already decided there's something worth
protecting. In that case, protecting the password in transit seems
obligatory.

You're arguing otherwise. I don't know of applications where it makes
sense to have passwords but it doesn't matter if the passwords are
disclosed to unauthorized people as they're sent over the network. I
suppose there might be such applications, but I don't know of any.

The issue isn't whether the ordinary *user* is competent to mount a
sniffing attack; the question is what the ordinary *hacker* will do.

Steve