RE: ISCSI: User authentication vs. Machine Authentication for iSCSI

To: "'John Hufferd'" <hufferd@us.ibm.com>, Bill Strahm <bill@sanera.net>
Subject: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
From: "CONGDON,PAUL (HP-Roseville,ex1)" <paul_congdon@hp.com>
Date: Thu, 30 Aug 2001 15:41:39 -0700
Cc: "Ips@Ece. Cmu. Edu" <ips@ece.cmu.edu>
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu


Just one clarification on John's response (which I agree with, by the way,
as well as Charles and Mark's comments).  John stated.

>Note: Mark pointed out that this was the way Web servers worked.
>3. Chap can  be used in this environment since the Link is already secure
>and encrypted, and sending the password in what otherwise would have been
>in the clear, is protected by the link encryption.

CHAP does not send passwords in the clear.  It may send user identities in
the clear, and it requires a shared secret to be stored in multiple
locations, but the password is hashed using MD5 or other similar algorithm.
MD5 may not be considered the tightest hash algorithm, but it produces stuff
far from clear text.

Paul

Prev by Date: RE: iSCSI-08 Draft Availability?
Next by Date: Re: ISCSI: User authentication vs. Machine Authentication for iSCSI
Prev by thread: Re: ISCSI: User authentication vs. Machine Authentication for iSCSI
Next by thread: Re: ISCSI: User authentication vs. Machine Authentication for iSCSI
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:49 2001
6315 messages in chronological order