[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Username/Password authentication strengh


  • Subject: Re: [Openvpn-users] Username/Password authentication strengh
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 29 Dec 2004 01:48:29 +0100 (CET)

On Tue, 28 Dec 2004, Leonard Isham wrote:

With normal cryptography where you have access to both the chipertext and
plaintext you can easily do an off-line brute-force attack, but as I have
understood it, with a properly designed password authentication protocol,
it is not possible to sniff the traffic and do an off-line brute-force
attack on this data, is this correct?

I've been reading up on this matter, and found this internet draft describing diffrent authentication mechanisms pretty interesting. Maybe someone else is interested...


http://bgp.potaroo.net/ietf/idref/draft-iab-auth-mech/

/Mathias

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users