[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: new draft (draft-arsenault-sacred-reqs-00.txt)]
> Thanks, I think. :-)
You're welcome. Honest. :-)
> >I don't think I follow what is meant by "network-based off-line".
> >Can you elaborate?
> I meant "network-based off-line attacks" to be the same as "off-line
> attacks from the network" -- generally attacks where the enemy is *not*
> to be in control of the credentials server or have access to secret data on
> the server.
> But this enemy may eavesdrop, or pose (unsuccessfully) as a client to the
> or vice-versa, or maybe act as a man-in-the-middle, to obtain some crucial
> He then uses the data off-line to crack a password or private key.
Ok, now I see what you mean.
Does anyone know of an existing classification of various attacks
against password based authentication schemes that we might be
able to re-use here? (Or feel like creating one?)
Reason I ask is that I can see us spending a lot of time explaining
ourselves to one another otherwise.
Baltimore Technologies, tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane, fax: +353 1 647 7499
Dublin 2. mailto:stephen.farrell@xxxxxxxxxxxx