Archive for June, 2013
A combined solution to 15 different serious problems with password-based authentication, including the Pass-The-Hash (PTH) attack. No other measures come close to solving all of these problems, and for many of them I am unaware of any other solution at all. Sadly, neither Microsoft nor other security researchers really considered this solution, or they discounted it as unrealistic. The objections either pointed out flaws in implementing only half of the solution, or assumed that legacy equipment or implementation difficulties would doom the project, because they focused on what a large enterprise would be likely to implement with minimal effort right now. It reminds me of an immigration debate that focuses on the people who are already here and pays less attention to future immigrants, only to find 30 years later that what happened to the future immigrants is all that mattered. Here are the objections, and why they should not stop you.