2nd BETA release of OpenSSH with SRP

Tom Holroyd tomh at po.crl.go.jp
Wed Apr 11 16:58:46 EST 2001


This is the 2nd beta release of SRP for OpenSSH.

The patch attached to this message is relative to the current (20010411)
CVS sources of OpenSSH-portable (2.5.4p1).  A tarball is also available:

http://members.tripod.com/professor_tom/archives/
http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz

(Note: Tripod requires you to LEFT click on links to download files, and
your browser may or may not decompress it on the fly.)

md5sum:
85d42cec8a1b9c6241202352218edc16  openssh-2.5.4p1-srp6.tar

Main features:

* Strong authentication of both client *and* server, to protect
  against server-spoofing attacks.

* Authentication of the host key is built into the SRP exchange.
  This protects against spoofed servers even when the host key
  changes and/or the client doesn't know the host key.

* Fully compatible with the Stanford SRP distribution,
  so if you already have an /etc/tpasswd file it'll get used
  (libsrp is NOT required).

Changes from OpenSSH-2.5.2p2-srp5 to OpenSSH-2.5.4p1-srp6:

* Major parameters are now wrapped in an SRP_CTX struct, and
  both the client and server sides were rewritten to use dispatching.

* Config files (that store SRP parameters) must be owned by root and must
  not be writable by group or other ((mode & 033) == 0).
  $HOME/.ssh/verifier must be owned by the user and must not be readable by
  group or other ((mode & 077) == 0).  Other verifier files must be owned by
  root and must not be readable by group or other.

* The parameter test code in srp-util.c and tconf2embed.c was missing the
  test for g^2 mod p != 1.  Thus 6 was accepted as a primitive generator for
  7, which it ain't.

* tconf2embed -f means skip the primality check.

* Installation instructions in README.SRP.
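The g^2 mod p test mentioned above, as an added illustration written for this page rather than code from srp-util.c or tconf2embed.c; it uses toy-sized integers (real SRP parameters need BIGNUM arithmetic) and the function names are hypothetical. For a safe prime p = 2q + 1, g is a primitive generator iff g^2 != 1 and g^q != 1 (mod p); the version without the g^2 check accepts 6 for p = 7, the corrected one rejects it.

```c
#include <stdint.h>

/* Modular exponentiation on small unsigned integers (illustration only;
 * SRP parameters are ~1024-bit and need BIGNUM arithmetic). */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Trial-division primality, adequate for the toy sizes used here. */
static int is_prime_small(uint64_t n) {
    if (n < 2) return 0;
    for (uint64_t d = 2; d * d <= n; d++)
        if (n % d == 0) return 0;
    return 1;
}

/* Checks shared by both versions: p = 2q + 1 must be a safe prime and
 * g must satisfy 1 < g < p. Stores q in *q_out on success. */
static int safe_prime_checks(uint64_t p, uint64_t g, uint64_t *q_out) {
    if (p < 5 || !is_prime_small(p)) return 0;
    *q_out = (p - 1) / 2;
    if (!is_prime_small(*q_out)) return 0;
    if (g < 2 || g >= p) return 0;
    return 1;
}

/* The incomplete test: only g^q mod p != 1 is checked, so an element of
 * order 2 (such as 6 mod 7, since 6^2 = 36 = 1 mod 7) slips through. */
int generator_test_missing_g2(uint64_t p, uint64_t g) {
    uint64_t q;
    if (!safe_prime_checks(p, g, &q)) return 0;
    return modpow(g, q, p) != 1;
}

/* Corrected test: the group Z_p^* has order 2q, so element orders are
 * 1, 2, q or 2q; g^2 != 1 rules out 1 and 2, g^q != 1 rules out 1 and q,
 * leaving only order 2q, i.e. a primitive generator. */
int generator_test_fixed(uint64_t p, uint64_t g) {
    uint64_t q;
    if (!safe_prime_checks(p, g, &q)) return 0;
    if (modpow(g, 2, p) == 1) return 0;   /* the check that was missing */
    return modpow(g, q, p) != 1;
}
```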

Please send all bug reports/patches/complaints to <tomh at po.crl.go.jp>.

Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird effects (one of which is the author)."
	-- Richard Feynman, _There's Plenty of Room at the Bottom_



-------------- next part --------------
A non-text attachment was scrubbed...
Name: srp6.patch.gz
Type: application/octet-stream
Size: 37923 bytes
Desc: 
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010411/3cf49d65/attachment.obj 