LinuxSecurity.com: Introduction To Authentication
May 08, 2000, 18:05
(Other stories by David Corcoran)
[ Thanks to Christopher Pallack for this link. ]
"In this feature, David Corcoran, founder of the Linux SmartCard Project, describes Unix passwords, their insecurities, RSA, and using RSA PAM authentication and possible attacks."
"Authentication is usually done by providing a login name and a password, which the system shares secretly with the user. This guarantees that the person attempting to authenticate knows the login and the password, but this does not mean that the person is who the system believes it is."
"Public key cryptography has been in practice for many years to help protect information for a particular user or group. Like the name implies, there is a public and a private component to this method. Two keys are generated that have a unique mathematical relationship with each other. One key is given to the public (public key) and the other key is held by the user (private key). One key can encrypt a particular text and the other must be used to decrypt it. In most cases, a user who wants to deliver a document to a recipient takes the public key. The user chooses the recipient's public key and encrypts the document and proceeds to transmit the encrypted document to the recipient. The recipient then uses their private key to decrypt the encrypted document and the transmission was performed successfully."