One of them is identity propagation. The fact that Bob
wants to authenticate Alice before granting her privileges seems
obvious and familiar. Thanks to the Eve scam we just described
however, it is also clear that Alice should make sure that Bob is
Effective use of
cryptography entails
agreements
among parties
Cryptography alone
cannot solve all
security problems
38 The Problem
really who he claims to be before trusting him with her data.
This exempli?¬?es the concept of server authentication. Another
lesson we may draw from the scene described earlier is that the
password-based authentication is very brittle; Eve should not be
able to intercept it in the ?¬?rst place, but in the case in which it
happens, it is really not acceptable that she can so easily use it
for impersonating Alice. More robust systems would prevent
this; we describe some of them in the following subsections.
However, they exhibit the same limitation mentioned for cryptography
in general: that all parties must agree on a speci?¬?ed
system for it to work.
In the rest of this section, we develop some of the themes mentioned
in this introduction: cryptography, identity propagation,
and alternatives to passwords.
Pages:
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89