SRP Patch Integration?
Tom Wu
tom at arcot.com
Wed Feb 13 10:45:49 EST 2002
Markus Friedl wrote:
>
> On Mon, Feb 11, 2002 at 07:26:16PM -0800, Tom Wu wrote:
> > Simply stated, SRP is a strong password authentication protocol that
> > resists passive/active network attack, and when used in conjunction with
> > OpenSSH, solves the "unknown host key" problem without requiring host
> > key fingerprint verification or PKI deployment (e.g. X.509 certs). Put
>
> AFAIK the same applies to SSH2 w/ pubkey auth.

Yes, but doesn't the client need a copy of the encrypted private key
somewhere? When you log in from a new location, you need to initialize
the credentials there out-of-band. With SRP or any other strong
password technology, this isn't necessary - the password itself is the
authenticator.

Tom
--
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg? Sounds Swedish..."
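
Added example, not part of the original message or of the SRP patch under discussion: a minimal in-process exchange in the SRP-6a variant of the protocol (which may differ from what the patch implements), showing that the client needs nothing but the typed password, that the server stores only a salt and verifier, and that each side proves itself to the other. The group, the hash encoding and the names `enroll`, `login` and `private_x` are assumptions for illustration; this is not wire-compatible with RFC 5054.

```python
import hashlib, secrets

# Demo group (assumption): 2**521 - 1 is prime but NOT a safe prime; real
# deployments use a standardized safe-prime group such as those in RFC 5054.
N = 2**521 - 1
g = 3
NLEN = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 over the parts; integers are encoded fixed-width, big-endian."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(NLEN, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt, user, password):
    """Password-derived exponent; recomputed by the client at every login."""
    return H(salt, H(user.encode() + b":" + password.encode()))

def enroll(user, password):
    """One-time registration: the server keeps (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def login(user, typed_password, salt, server_verifier):
    """One exchange; returns (server_accepts_client, client_accepts_server)."""
    a = secrets.randbelow(N - 2) + 1           # client ephemeral secret
    A = pow(g, a, N)                           # client -> server: user, A
    b = secrets.randbelow(N - 2) + 1           # server ephemeral secret
    B = (k * server_verifier + pow(g, b, N)) % N   # server -> client: salt, B
    u = H(A, B)                                # scrambling value, both sides
    # Client: derives the shared secret from the typed password alone.
    x = private_x(salt, user, typed_password)
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    M1 = H(A, B, S_c)                          # client proof
    # Server: derives the same secret from the stored verifier alone.
    S_s = pow(A * pow(server_verifier, u, N) % N, b, N)
    server_ok = M1 == H(A, B, S_s)
    M2 = H(A, M1, S_s)                         # server proof
    client_ok = M2 == H(A, M1, S_c)            # fails for a server without the verifier
    return server_ok, client_ok
```

A server that does not hold the verifier for the user's real password cannot produce a matching `M2`, so the client rejects it without consulting any host key fingerprint.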