Daniel Harkins <dharkins@xxxxxxxxxxxxxxxxx> writes:

>>It might be worth noting that any salted password remote authorization
>>protocol has the same limitation as this draft's method, viz., that
>>disclosure of the hash of the salted password allows an attacker to
>>impersonate a client. That is, that this method is not somehow
>>deficient because it also has that property.
>
> I don't think that is true. The client needs to know the password,
> not the salted hash.

Maybe I'm misunderstanding you, but I think you're incorrect. Indeed, your
draft says the salted password from a compromised database can be used
directly to impersonate the EAP-pwd client.

The reason that this impersonation can be done is that this is a *remote*
authorization protocol, and there is no way for the server to compel the
attacker to hash what the attacker knows with the salt and then transmit the
result. Whereas in a *local* authorization protocol, the server compels the
user to present the supposed password, and then the server hashes it with the
salt.

Dale
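The remote-versus-local distinction drawn above, as an added illustration that is not part of the thread and is not the EAP-pwd protocol: a toy model in which the server stores `pbkdf2(password, salt)`, a local check re-salts whatever the user presents, and a remote challenge-response asks the client to prove knowledge of the derived value over a fresh nonce. The function names, the PBKDF2 parameters, the sample password and the salt are all constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample credential for the demo; not taken from any real system.
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def salted_password(password: bytes, salt: bytes) -> bytes:
    """What the server stores: a slow, salted hash of the password.
    PBKDF2-HMAC-SHA256 with 10,000 iterations is an arbitrary choice here."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


# A compromised credential database reveals the salt and this stored value,
# never the plaintext password.
STORED = salted_password(PASSWORD, SALT)


# --- Local authorization: the user hands over a candidate password and the
# --- server itself does the salting and hashing before comparing.
def local_verify(candidate: bytes) -> bool:
    return hmac.compare_digest(salted_password(candidate, SALT), STORED)


# --- Remote authorization (simplified model): the server sends salt and a
# --- fresh nonce; the client derives the salted password on its own side and
# --- proves knowledge of it with an HMAC over the nonce. The server never sees
# --- the password, so it can only check the proof against its stored value.
def remote_server_challenge() -> tuple:
    return SALT, os.urandom(16)


def remote_client_response(salt: bytes, nonce: bytes, derived: bytes) -> bytes:
    """`derived` is whatever the client holds as the salted password. An honest
    client computes it from the password and `salt`; nothing in the exchange
    forces it to, which is the property the thread discusses."""
    return hmac.new(derived, nonce, hashlib.sha256).digest()


def remote_server_verify(nonce: bytes, response: bytes) -> bool:
    expected = hmac.new(STORED, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_remote(derived: bytes) -> bool:
    """One full exchange: challenge, client response, server verification."""
    salt, nonce = remote_server_challenge()
    return remote_server_verify(nonce, remote_client_response(salt, nonce, derived))


def demo() -> dict:
    """Four runs showing which inputs each model accepts."""
    return {
        # Server re-salts the presented value, so the plaintext is required.
        "local_with_password": local_verify(PASSWORD),
        "local_with_stored_hash": local_verify(STORED),
        # An honest remote client derives the value from the password.
        "remote_honest_client": run_remote(salted_password(PASSWORD, SALT)),
        # Holding only the stored value is enough: the server cannot compel
        # the peer to re-derive it from a password.
        "remote_with_stored_hash_only": run_remote(STORED),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

In the local path the server performs the salting itself, so presenting the stored value just gets it re-hashed and rejected. In the remote path the stored value is exactly what the client is asked to prove knowledge of, so for a protocol of this shape a leak of the credential database has the same effect on client impersonation as a leak of the passwords, which is why that database needs the same protection.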