SRP for OpenSSH

Albert Strasheim albert.strasheim at gmail.com
Mon Jan 24 06:04:16 EST 2011


Hello

On Sun, Jan 23, 2011 at 8:14 PM, Markus Friedl <mfriedl at gmail.com> wrote:
> OpenSSH already has jpake support.

Have the concerns about JPAKE mentioned in the comments in this blog:

http://rdist.root.org/2010/09/08/clench-is-inferior-to-tlssrp/

been resolved?

For example: "The JPAKE in OpenSSH is unfinished and I don’t recommend
enabling it".

Regards

Albert

> On Saturday, January 22, 2011, Albert Strasheim
> <albert.strasheim at gmail.com> wrote:
>> Hello all
>>
>> Support for Secure Remote Password (SRP) for OpenSSH was last discussed in 2004:
>>
>> http://marc.info/?l=openssh-unix-dev&w=2&r=1&s=SRP&q=b
>>
>> There's a SRP patch for OpenSSL that's about 2 years in the making:
>>
>> http://rt.openssl.org/Ticket/Display.html?id=1794
>>
>> Tom Wu from Stanford has been working on that.
>>
>> Has anything changed since 2004 that would make inclusion of SRP in
>> OpenSSH possible now?
>>
>> Regards
>>
>> Albert


More information about the openssh-unix-dev mailing list