Encryption Recommendation

[Paul Rubin]

Michael Ströder <michael at stroeder.com> writes:
> But if the password checking is done with a challenge-response
> mechanism (e.g. HTTP-Digest Auth or SASL with DIGEST-MD5) it's
> required that the instance checking the password has the clear-text
> password available. So reversible encryption for storing passwords
> might be required.

If you're trying to authenticate network logins using passwords, and
if you have control over both ends of the protocol but for some reason
don't want to use a full-blown encryption scheme, it's far better to
authenticate with something like SRP (http://srp.stanford.edu) than a
more primitive method like HTTP digest auth.  SRP doesn't require
storing plaintext passwords, and more importantly, it protects the
password from offline dictionary searches by someone sniffing the
network connection.  

There is a Python SRP implementation embedded in TLSLite
(www.trevp.com/tlslite) but it might be nice to extract or reimplement
the SRP code so that it can be used separately from TLS.