Secure Encryptionless Network Transmission of Passphrases

IP.com Disclosure Number: IPCOM000123773D
Original Publication Date: 1999-Apr-01
Included in the Prior Art Database: 2005-Apr-05
Document File: 1 page(s) / 58K

Publishing Venue

IBM

Related People

Coar, KAL: AUTHOR

Abstract

The need is to safely distribute passphrases across a computer network. This invention describes a means of supplying the need without requiring costly encryption hardware or other mechanisms that may be subject to governmental restrictions and controls. The intended customer base is system administrators wishing to simplify management of a limited number of user IDs across a large number of systems.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 55% of the total text.

Secure Encryptionless Network Transmission of Passphrases

   The need is to safely distribute passphrases across a
computer network.  This invention describes a means of supplying the
need without requiring costly encryption hardware or other
mechanisms that may be subject to governmental restrictions and
controls.  The intended customer base is system administrators
wishing to simplify management of a limited number of user IDs
across a large number of systems.

   As an example, assume a client C, a server S, a user U of
the client C, and an administrator A.  The passphrase involved is
the one used by C to authenticate U and let U log on ('U's
passphrase').

   Some deterministic one-way function F is used to turn a
plaintext passphrase P into an opaque quantity P' for referential
storage.  (The original wording calls F a trapdoor function, but no
inverse is ever needed or wanted: an attacker who obtains P' should
have to guess P and recompute F to test each guess.)  Given the
plaintext passphrase P supplied by the user U, F(P) is compared to
the stored P'.  If they are identical, U is considered to be
authenticated and is allowed to log on.  (Example implementations:
the one-way DES-based transformation performed by the crypt()
function on many flavours of Unix; the MD5 digest construction used
by FreeBSD; the Purdy polynomial digest used by OpenVMS.)

   Implementation:

   A and U agree upon a secret algorithm G for deriving the
plaintext passphrase from arbitrary quantities.  Some of these
quantities may be environmental; perhaps something like G(x) =
"FOO<reversed-username>bar", or G(x) =
"<substr(0,3,username)><hostname(C)><substr(0,-3,userna...
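   The following is an added example, not code from the disclosure,
showing the two halves the page describes: the F(P) == P' comparison
from the authentication paragraph, and the first (complete) derivation
rule G(x) = "FOO<reversed-username>bar" from the Implementation
section.  Salted SHA-256 stands in for F because the disclosure's own
examples (crypt(3) DES, FreeBSD MD5-crypt, OpenVMS Purdy) are not all
available in a stock Python interpreter; the username "alice", the
enroll/verify split between administrator A and server S, and the
attacker's list of candidate rules are all constructed assumptions,
since the page's remaining text (how P' reaches S) is truncated.  The
last function shows the caveat a practitioner should weigh before
adopting the scheme: the only secret is the rule G, and anyone holding
a copy of P' can test candidate rules offline at hash speed.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional


# F: a deterministic one-way function turning plaintext P into an opaque P'.
# Salted SHA-256 is an assumption made for this example; the disclosure
# names crypt(3) DES, FreeBSD MD5-crypt and the OpenVMS Purdy polynomial.
def F(plaintext: str, salt: bytes) -> str:
    digest = hashlib.sha256(salt + plaintext.encode("utf-8")).hexdigest()
    # Store the salt alongside the digest so the server can recompute F.
    return f"{salt.hex()}${digest}"


# G: the secret rule agreed between administrator A and user U, here the
# disclosure's first example, G(x) = "FOO<reversed-username>bar".
def G(username: str) -> str:
    return "FOO" + username[::-1] + "bar"


# Administrator side (assumed): compute P' = F(G(username)) once and ship
# only P' to each server S. The plaintext passphrase never leaves A's host.
def enroll(username: str, salt: Optional[bytes] = None) -> Dict[str, str]:
    salt = salt if salt is not None else secrets.token_bytes(8)
    return {"user": username, "hash": F(G(username), salt)}


# Server side: at login U types G(username) from memory; S recomputes F over
# the submitted text with the stored salt and compares in constant time.
def verify(record: Dict[str, str], submitted: str) -> bool:
    salt_hex, _ = record["hash"].split("$", 1)
    candidate = F(submitted, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record["hash"])


# Caveat, in code: P' is sent over the network and stored on every server,
# so an attacker who captures one record can test guessed rules offline.
# These candidate templates are constructed attacker guesses, not anything
# the disclosure lists; a real attacker would enumerate far more.
CANDIDATE_RULES: Dict[str, Callable[[str], str]] = {
    "plain-username": lambda u: "FOO" + u + "bar",
    "upper-username": lambda u: u.upper(),
    "reversed-username": lambda u: "FOO" + u[::-1] + "bar",
}


def recover_rule(record: Dict[str, str]) -> Optional[str]:
    """Return the name of the first candidate rule that reproduces P'."""
    for name, rule in CANDIDATE_RULES.items():
        if verify(record, rule(record["user"])):
            return name
    return None


if __name__ == "__main__":
    rec = enroll("alice")                 # "alice" is a constructed username
    print("stored record:", rec)
    print("login with G('alice'):", verify(rec, G("alice")))
    print("login with wrong text:", verify(rec, "FOOalicebar"))
    print("rule recovered offline:", recover_rule(rec))
```

   Because G is shared by every user ID the administrator manages,
recovering it from a single captured P' exposes every account on every
system at once, which is the cost of avoiding encryption on the wire.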