SRP Patch Integration?

Tom Wu tom at
Wed Feb 13 10:45:49 EST 2002

Markus Friedl wrote:
> On Mon, Feb 11, 2002 at 07:26:16PM -0800, Tom Wu wrote:
> > Simply stated, SRP is a strong password authentication protocol that
> > resists passive/active network attack, and when used in conjunction with
> > OpenSSH, solves the "unknown host key" problem without requiring host
> > key fingerprint verification or PKI deployment (e.g. X.509 certs).  Put
> AFAIK the same applies to SSH2 w/ pubkey auth.

Yes, but doesn't the client need a copy of the encrypted private key
somewhere?  When you log in from a new location, you need to initialize
the credentials there out-of-band.  With SRP or any other strong
password technology, this isn't necessary - the password itself is the

Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."

More information about the openssh-unix-dev mailing list