[PATCH] Introducing Zero-Knowledge user authentication

Darren Tucker dtucker at zip.com.au
Thu Nov 24 21:47:05 EST 2005

On Tue, Nov 22, 2005 at 09:49:40PM +0100, Andreas Gaupmann wrote:
> First we would like to describe the purpose of using Zero-Knowledge (ZK) for 
> user authentication.  Traditional authentication methods like 
> challenge-response with passwords or public keys leak information about the 
> credentials of a user

I'm not qualified to comment on the crypto aspects nor on the prospects
for inclusion.  That said, I have some comments on the patch itself.

Obviously password or C/R authentication leaks authentication information
to the server, but how does public-key?  (assuming the public-key
algorithm has not been broken)  Are you referring to a server collecting
signatures with various sessionids?

>From the patch, it looks like multiple rounds are required.  What impact
does that have on the authentication times, particularly on high-latency

You use the string "oo-zk" in the SSH protocol to identify the publickey
mechanism you implement.  Unless this has been registered with IANA you
should use a local method (ie "oo-zk at yourdomain.org") as specified in
section 6 of the "SSH Protocol Architecture" document.

The OpenBSD patch on your page includes all of the *.orig files, which
makes it hard to read.

Some of the files you add are under the GPL.  This isn't a problem while
you're publishing it as a patch, but it would prevent it from being

You also have some minor errors in the patch (use of C++/c99 "//" style
comments, declarations after code eg in key_fingerprint_raw()).  While
some compilers will permit those, some won't.  There's also some
whitespace-only changes which are unnecessary.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list