[MUD-Dev] TECH: Securing Symetric Encryption.
Brian Hook
hook_l at bookofhook.com
Fri Jul 15 15:32:15 CEST 2005
Take this with a grain of salt, since I'm not a security expert, but:
On Thu, 14 Jul 2005 10:33:33 -0400, William Leader wrote:
> is not an option (mainly because I don't want the hassle of
> managing key pairs).
There's no real hassle -- the public keys are, well, public, and can
be trivially downloaded to allow for asymmetric exchange of a faster
symmetric key. This is the basis of SSL.
This system would seem to be a lot less cumbersome and error prone
than what you've outlined.
> 4) No management or generation of key pairs.
Again, I'm not sure why this is an issue -- the server needs a key
pair and no one else does. It's generated one time, and it
publishes the key for everyone else.
> 1) Both parties must know a password ahead of time
> 2) The password is vulnerable when sent by mediums such as email
Those are bad enough right there.
Brian
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list