Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Re: The problem with SSH2
From: Niels Möller (nisselysator.liu.se)
Date: Thu Dec 28 2000 - 14:44:44 CST
- Next message: Theodore Y. Ts'o: "Re: The problem with SSH2"
- Previous message: Bram Cohen: "Re: The problem with SSH2"
- Next in thread: Niels Möller: "Re: The problem with SSH2"
- Maybe reply: Niels Möller: "Re: The problem with SSH2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bram Cohen <bramgawth.com> writes:
> This problem can't be fixed with traditional UNIX password files. It can,
> however, be fixed if the password format includes something which can be
> used to verify that someone has the password without requiring that the
> password actually be handed over, as is done in SRP.
LSH includes experimental support for SRP.
I won't do much more with those parts of the code until the patent
issues are cleared up, though. Real information about that is
appreciated, as I'm afraid I was misinformed at the time I implemented
> It would be a really good idea to campaign to the Linux kernal folks to
> have SRP passwords installed and used by default, rather than requiring
> anyone who wants to use them recompile that stuff from scratch.
It has absolutely nothing to do with the kernel. Password
authentication (of any kind) is a user level issue. If you want to
campaign, I think you should talk to the glibc folks. But I'm pretty
sure they're even more paranoid about software patents than anybody on
coderpunks. And perhaps you could also talk to the PAM folks.