On Tue, Oct 24, 2000 at 10:25:14AM -0400, Lamar Owen wrote:
> I am forwarding this not to belittle MySQL, but to hopefully help in the
> development of our own encryption protocol for secure password
> authentication over the network.
>
> The point being is that if we offer the protocol to do it, we had better
> ensure its security, or someone WILL find the hole. Hopefully it will
> be people who want to help security and not exploit it.
Better not try to create it ourselves ;)
http://srp.stanford.edu/
It has even RFC's assigned to it. RFC2945, RFC2944
I put it into my TOLOOK list but have not found the time yet. :)
--
marko