SRP secure remote password authentication

Tom Wu tom at
Thu Sep 18 05:25:27 EST 2003

Dan Kaminsky wrote:
> Consider:  You end up having to abandon OS level password systems.  No 
> PAM, no MD5 passwords...SSH needs to take it all inhouse, because the 

Actually, it's just a different "format" for OS-level password systems, 
implemented via PAM to support the new EPS password records.  So yes, 
you can't use crypt() or MD5, but EPS is merely a substitute for those. 
The PAM modules make EPS look like just another hash/salt algorithm.

> Search for Tom Holroyd's (Dr. Tom) work on this subject.
> --Dan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124

More information about the openssh-unix-dev mailing list