Posted by The Natural Philosopher on 11/21/07 22:38
Sanders Kaufman wrote:
> "C. (http://symcbean.blogspot.com/)" <colin.mckinnon@gmail.com> wrote in
> message news:f41b190d-7b7b-482c-9bee-
>> On 20 Nov, 16:52, The Natural Philosopher <a...@b.c> wrote:
>
>> Maybe he just means a challenge based hash system to avoid sending
>> passwords in clear text. Or maybe he means CHAP as implemented in PPP,
>> or maybe he means CHAP as implemented by Microsoft for PPP.
>>
>> In the case of the former, see
>> http://groups.google.co.uk/group/comp.lang.php/browse_thread/thread/c5960aa0afac2621/4993d290eb78f811?hl=en&lnk=gst&q=MD5+salt
>
> In my experience, when a non-techie customer says something like that, it's
> because someone somewhere told them CHAP was important, and it just got
> stuck in their craw.
> It's usually not wise to try to "correct" them.
> The best way to deal with something like that is to ensure that you do
> perform some kind of Challenge/Authentication; call it a "protocol"; and
> explain that you're already on the right track with their stated goal.
>
> It accomplishes several things.
> 1. It reassures them that they have not been duped by previous contractors.
> 2. It reassures them that you are not trying to dupe them.
> 3. It meets the spec, rather than trying to change the spec.
>
> That last one is VERY important.
>
>
>
"It's better than CHAP"