- 10 -

Conclusion Recall that our goal was a system that is as secure as time–sharing. We feel we have met this goal. The way you are authenticated in a time–sharing system is by knowing your password. In our system, the same is true. In time–sharing the person you trust is your system administrater, who does not do anything dirty such as change your passwd entry so they can impersonate you. In our system, you instead trust your network administrater who does not change your entry in the public key database. In one sense, our system is even more secure than time–sharing. In our system, it is unfruitful to place a tap on the network in the hopes of catching a password or encryption key, because we encrypt them. Most time–sharing environments do not encrypt the data emanating from the terminal; users must trust that nobody is tapping their terminal lines. DES authentication is not the end–all authentication system for Sun. It is likely that in the future there will be sufficient advances in algorithms and hardware to render the public key system as we have defined it useless. The nice thing about DES authentication is that there is a smooth migration path for it in the future. Syntactically speaking, nothing in the protocol requires the encryption of the conversation key to be Diffie–Hellman, or even public key encryption in general. To make the authentication stronger in the future, all that needs to be done is to strengthen the way the conversation key is encrypted. Semantically though, this will be a different protocol, but the beauty of RPC is that it can be plugged in and live peacefully with the older authentication systems. But for the present at least, DES authentication satisfies our requirements for a secure networking environment. From it, we are able to build a system secure enough for use in unfriendly networks, such as for example a student–run university workstation environment. The price for this security is not high. Nobody has to carry around a magnetic card or remember any hundred digit numbers. You use your login password to authenticate yourself, just as you did before. There is a small impact on performance, but if this worries you and you have a friendly net, you can merely turn the authentication off.