[Next] [Up] [Previous] [Contents]
Next: 5.2.1.10 Why have domains Up: 5.2.1 DAIS Security Previous: 5.2.1.8 What are the

5.2.1.9 What are the advantages (and disadvantages) of using secret key technology (passwords) in DAIS Security?

 
Linda Gricius (March, 1998):

Password users have a simple life - they carry their authentication information (their password) with them in their heads, and most users already understand the idea of passwords. This has the advantage of not requiring that they login at a workstation that has any secrets pre-installed for them. It is also conceptually and procedurally easier for them to be set up to use a password and change the password at regular intervals.

The disadvantage of using passwords is that, by depending on a comparatively short memorable string, a password is inherently weaker than a large binary key value. Users often choose very guessable passwords, or write them down, or never change them, or only change between a small number of alternatives.

In addition a KDS41 is required to form associations for clients that authenticate using passwords, and in the case of inter-domain invocations, the KDSs of both domains are involved. This is less efficient at runtime.

Password users that have accounts in several principal domains should have different passwords for each domain. Each password is only trusted for use between the user and one domain's Authentication Service (AS).


[Next] [Up] [Previous] [Contents]
Next: 5.2.1.10 Why have domains Up: 5.2.1 DAIS Security Previous: 5.2.1.8 What are the