When trying to improve the security of password-based authentication, one wants to prevent attackers from
eavesdropping on passwords in transit, and from mounting offline dictionary attacks, namely attacks in which
the attacker can test every candidate password without needing any feedback from the server. Eavesdropping is prevented by encrypting the communication between the user and the server, for example with SSL/TLS. Offline dictionary attacks are addressed first by limiting access to the password file; should the file leak anyway, well-known measures such as a per-user salt and a deliberately slow hash make the attack harder, with the caveat that salt alone only defeats precomputed tables and work shared across accounts, while it is the slow hash that raises the cost of each individual guess.
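The following is an added example, not code from the original post. It uses constructed sample accounts and a tiny attacker dictionary to show what an attacker who has obtained the password file can do against an unsalted SHA-256 file versus a file of per-user salted, iterated PBKDF2-HMAC-SHA256 records (the KDF choice and the `USERS`/`DICTIONARY` data are assumptions made for the demonstration):

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the post): three accounts, two of which
# share a password, plus a tiny attacker dictionary.
USERS = {"alice": "correct horse battery", "bob": "hunter2", "carol": "hunter2"}
DICTIONARY = ["password", "123456", "hunter2", "letmein"]


def store_unsalted(password):
    """Weak scheme: a plain SHA-256 digest. Identical passwords yield identical
    records, and one digest per dictionary word covers every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, iterations=600_000):
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256). The salt
    defeats precomputed tables and forces per-account work; the iteration
    count sets the cost of each guess."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_salted(record, candidate):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def offline_attack_unsalted(password_file, dictionary):
    """Attacker holding the file: hash each word once, then look up all users.
    Returns (cracked users -> password, number of hash evaluations)."""
    by_hash = {}
    for user, h in password_file.items():
        by_hash.setdefault(h, []).append(user)
    cracked, hashes_computed = {}, 0
    for word in dictionary:
        hashes_computed += 1
        for user in by_hash.get(store_unsalted(word), []):
            cracked[user] = word
    return cracked, hashes_computed


def offline_attack_salted(password_file, dictionary):
    """Attacker holding the salted file: every (user, word) pair costs a full
    KDF evaluation and nothing is shared across accounts."""
    cracked, hashes_computed = {}, 0
    for user, record in password_file.items():
        for word in dictionary:
            hashes_computed += 1
            if verify_salted(record, word):
                cracked[user] = word
    return cracked, hashes_computed


def demo(iterations=1_000):
    """Build both kinds of password file and run both attacks. A low iteration
    count keeps the demo fast; keep the store_salted default in production."""
    unsalted_file = {u: store_unsalted(p) for u, p in USERS.items()}
    salted_file = {u: store_salted(p, iterations) for u, p in USERS.items()}
    cracked_u, cost_u = offline_attack_unsalted(unsalted_file, DICTIONARY)
    cracked_s, cost_s = offline_attack_salted(salted_file, DICTIONARY)
    return {
        "unsalted_duplicates_visible": unsalted_file["bob"] == unsalted_file["carol"],
        "salted_duplicates_visible": salted_file["bob"]["digest"] == salted_file["carol"]["digest"],
        "cracked_unsalted": cracked_u,
        "cost_unsalted": cost_u,
        "cracked_salted": cracked_s,
        "cost_salted": cost_s,
        "verify_ok": verify_salted(salted_file["alice"], "correct horse battery"),
        "verify_bad": verify_salted(salted_file["alice"], "hunter2"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both attacks recover the weak shared password, which is the point of the post: once the file is out, the attacker needs no server feedback. The difference is cost. Against the unsalted file the attacker spends one cheap hash per dictionary word regardless of how many accounts there are, and the duplicate password is visible before any guessing. Against the salted file the work is one KDF evaluation per (account, word) pair, each of which is iterations times slower than a single SHA-256.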
Sunday, April 3, 2011