Passwords (fwd)

[anonymousmous]

>
>Unsolved problems (left as an exercise to the reader):
>
>(1) Securely changing Soandso's password in the presence of eavesdroppers.
>        (very hard without a pubic-key crypto system)
>(2) Managing the plaintext password on the client system (which is required
>        here) so that it isn't compromised. (rather easy)
>
>        Jon

Why not just have them use PGP? Pass out public keys. To get in, sign a
random string, different every time.