SRP Patch Integration?
Tom Wu
tom at arcot.com
Tue Feb 12 14:26:16 EST 2002
Patrick Ryan wrote:
>
> Hi,
>
> I am wondering whether the SRP patch is going to be integrated into the
> OpenSSH distribution. I highly encourage it be integrated into the next
> distribution.
For those unfamiliar with the SRP patches to OpenSSH, they can be found
at:
http://members.tripod.com/professor_tom/archives/
The current patch applies to OpenSSH-3.0.2p1. For those on the list not
familiar with how SRP authentication works, more information is
available at:
http://srp.stanford.edu/
Simply stated, SRP is a strong password authentication protocol that
resists passive/active network attack, and when used in conjunction with
OpenSSH, solves the "unknown host key" problem without requiring host
key fingerprint verification or PKI deployment (e.g. X.509 certs). Put
another way, is there any good reason *not* to fold these patches into
OpenSSH proper?
> Thanks,
> Patrick
Tom
--
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg? Sounds Swedish..."
More information about the openssh-unix-dev
mailing list