SRP secure remote password authentication
Tom Wu
tom at arcot.com
Thu Sep 18 07:28:48 EST 2003
Edward,
With "plain" SRP, the server has a verifier and the client has the
actual password. The server's long-term secret is derivable from the
client's long-term secret but not vice-versa. SRP-Z adds a server
"password" and a client "verifier", which assures the client explicitly
that the server knows its password. With "plain" SRP, all you know is
that the server has the right verifier. For example, under "plain" SRP,
if you wrote your password on your monitor, an attacker could use that
information to impersonate a server that you were SSHing to, but SRP-Z
would prevent that. The downside is that clients need to keep
information about specific servers' "verifier" info around.
SSH/OpenSSH doesn't really need SRP-Z since it already uses host keys to
authenticate the server. Tom Holroyd's patches to OpenSSH implement
"plain" royalty-free SRP as a result.
Tom
Edward Flick wrote:
> Hello Tom,
> Since I am just now realizing you monitor this list. Exactly, what is
> implied by the SRP-Z license? As you can implicitly determine (by
> successful negotation) if the server on the other end is the server you
> intended to communicate with, exactly what is the differentiating factor
> between SRP and SRP-Z.
>
> Edward Flick
>
> -----Original Message-----
> From: openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org
> [mailto:openssh-unix-dev-bounces+eddy=cdf-imaging.com at mindrot.org]On
> Behalf Of Tom Wu
> Sent: Wednesday, September 17, 2003 2:20 PM
> To: Markus Friedl
> Cc: openssh-unix-dev at mindrot.org; Jeremy Nysen
> Subject: Re: SRP secure remote password authentication
>
>
> SRP is, if anything, the protocol with the *least* problematic patent
> license:
>
> http://www.ietf.org/ietf/IPR/WU-SRP
>
> since royalty-free terms are offered. If that isn't good enough for
> OpenSSH, then neither is DSA.
>
> Tom
>
> Markus Friedl wrote:
>
>>SRP and similar protocols have patent problems.
>>
>>are there any without?
>>
>>On Wed, Sep 17, 2003 at 11:00:18AM +1000, Jeremy Nysen wrote:
>>
>>
>>>Are there any plans to include support for SRP or a similar zero-knowledge
>>>password protocol into OpenSSH?
>>>
>>>--
>>>Jeremy
>>>
>>>_______________________________________________
>>>openssh-unix-dev mailing list
>>>openssh-unix-dev at mindrot.org
>>>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
>>
>>_______________________________________________
>>openssh-unix-dev mailing list
>>openssh-unix-dev at mindrot.org
>>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
> --
> Tom Wu
> Chief Security Architect
> Arcot Systems
> (408) 969-6124
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124
More information about the openssh-unix-dev
mailing list