Date:      Thu, 8 Jul 1999 17:46:23 +0200
From:      Eivind Eklund <eivind@freebsd.org>
To:        Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc:        Peter Wemm <peter@netplex.com.au>, security@freebsd.org
Subject:   Re: Improved libcrypt ready for testing
Message-ID:  <19990708174622.B50609@bitbox.follo.net>
In-Reply-To: <Pine.OSF.4.10.9907082253220.14192-100000@bragg>; from Kris Kennaway on Thu, Jul 08, 1999 at 11:13:53PM +0930
References:  <19990708111429.E46370@bitbox.follo.net> <Pine.OSF.4.10.9907082253220.14192-100000@bragg>

On Thu, Jul 08, 1999 at 11:13:53PM +0930, Kris Kennaway wrote:
> On Thu, 8 Jul 1999, Eivind Eklund wrote:
> > Kris Kennaway wrote:
> > > I have the SRP reference implementation working at home - it
> > > requires changes to clients, though.
> > 
> > Does it require changes to clients in order to be used as a normal
> > password hash, not to do challenges against?  I can't remember
> > anything about it that would force that?
> 
> SRP stores a salt and "verifier" (essentially just the hash of the password
> taken as an exponent of a large integer modulo another large integer)
> 
> As an interim measure, this could be used as just another hash
> algorithm like any other which is queried by cleartext passwords,
> but obviously you wouldn't want to be querying some services using
> SRP and others using the plaintext of the same password.

I disagree.  In my opinion, you would obviously want to - to give a
simple example, I'm willing to type my plaintext password at a login
prompt, but I'm not willing to transfer it in the clear using POP3.

> I should have time this weekend to knock this up together with some
> of the changes discussed so far in this thread.
> 
> The simplest way to SRP-ify an application is probably to make both
> client and server talk PAM and use the pam_srp module (which I
> haven't checked out yet).

This is the next step after actually having the SRP password hashes in
the database in the first place :)

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message