17 Dec
2003
17 Dec
'03
11:17 p.m.
Unsolved problems (left as an exercise to the reader):
(1) Securely changing Soandso's password in the presence of eavesdroppers. (very hard without a pubic-key crypto system) (2) Managing the plaintext password on the client system (which is required here) so that it isn't compromised. (rather easy)
Jon
Why not just have them use PGP? Pass out public keys. To get in, sign a random string, different every time.