SRP secure remote password authentication

Dan Kaminsky dan at
Wed Sep 17 06:02:35 EST 2003

Jeremy Nysen wrote:

> Are there any plans to include support for SRP or a similar 
> zero-knowledge password protocol into OpenSSH?
Talked about, at length.  Even got code working.  Came to the conclusion 
that until we find a workable system of using it to support centralized 
authentication, it's not worth the surprisingly small gains.

Consider:  You end up having to abandon OS level password systems.  No 
PAM, no MD5 passwords...SSH needs to take it all inhouse, because the 
daemon never receives the plaintext to toss elsewhere.  Each account 
ends up with a password equivalent of a pubkey, which (as we discovered 
through testing) is fundamentally crackable given the amount of entropy 
contained within.

Now, there is a really interesting model by which you validate unknown 
host keys because the password mutually authenticates, but it's 
surprisingly tricky to make it work right...and until it works right, 
it's better not to do at all.

Search for Tom Holroyd's (Dr. Tom) work on this subject.


More information about the openssh-unix-dev mailing list