SRP Patch Integration?
Damien Miller
djm at mindrot.org
Wed Feb 13 13:13:00 EST 2002
On Tue, 12 Feb 2002, Tom Wu wrote:
> Markus Friedl wrote:
> >
> > On Mon, Feb 11, 2002 at 07:26:16PM -0800, Tom Wu wrote:
> > > Simply stated, SRP is a strong password authentication protocol that
> > > resists passive/active network attack, and when used in conjunction with
> > > OpenSSH, solves the "unknown host key" problem without requiring host
> > > key fingerprint verification or PKI deployment (e.g. X.509 certs). Put
> >
> > AFAIK the same applies to SSH2 w/ pubkey auth.
>
> Yes, but doesn't the client need a copy of the encrypted private key
> somewhere? When you log in from a new location, you need to initialize
> the credentials there out-of-band. With SRP or any other strong
> password technology, this isn't necessary - the password itself is the
> authenticator.

You need to initialise a password out of band too.

-d