In distributed systems, the network between the machine on which the
password is typed and the machine the password is authenticating on is
accessible to everyone.
Two roles for encryption:
- Authentication - do we share the same secret?
- Secrecy - I don't want anyone to know this data (eg medical
records)
Use an encryption algorithm that can easily be reversed given the
correct key, and difficult to reverse without the key
- From cipher text, can't decode without password.
- From plain text and cipher text, can't derive password.
- As long as the password stays secret, we get both secrecy and
authentication.
Subsections
Ian Wakeman
2005-02-22