SRP secure remote password authentication
Dan Kaminsky
dan at doxpara.com
Wed Sep 17 06:02:35 EST 2003
Jeremy Nysen wrote:
> Are there any plans to include support for SRP or a similar
> zero-knowledge password protocol into OpenSSH?
>
Talked about, at length. Even got code working. Came to the conclusion
that until we find a workable system of using it to support centralized
authentication, it's not worth the surprisingly small gains.
Consider: You end up having to abandon OS level password systems. No
PAM, no MD5 passwords...SSH needs to take it all inhouse, because the
daemon never receives the plaintext to toss elsewhere. Each account
ends up with a password equivalent of a pubkey, which (as we discovered
through testing) is fundamentally crackable given the amount of entropy
contained within.
Now, there is a really interesting model by which you validate unknown
host keys because the password mutually authenticates, but it's
surprisingly tricky to make it work right...and until it works right,
it's better not to do at all.
Search for Tom Holroyd's (Dr. Tom) work on this subject.
--Dan
More information about the openssh-unix-dev
mailing list