This is the 2nd beta release of SRP for OpenSSH. The patch attached to
this message is relative to the current (20010411) CVS sources of
OpenSSH-portable (2.5.4p1). A tarball is also available:

http://members.tripod.com/professor_tom/archives/
http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz

(Note: Tripod requires you to LEFT click on links to download files,
and your browser may or may not decompress it on the fly.)

md5sum:
85d42cec8a1b9c6241202352218edc16 openssh-2.5.4p1-srp6.tar

Main features:

* Strong authentication of both client *and* server, to protect
  against server-spoofing attacks.

* Authentication of the host key is built into the SRP exchange.
  This protects against spoofed servers even when the host key changes
  and/or the client doesn't know the host key.

* Fully compatible with the Stanford SRP distribution, so if you
  already have an /etc/tpasswd file it'll get used (libsrp is NOT
  required).

Changes from OpenSSH-2.5.2p2-srp5 to OpenSSH-2.5.4p1-srp6:

* Major parameters are now wrapped in an SRP_CTX struct, and both the
  client and server sides were rewritten to use dispatching.

* Config files (that store SRP parameters) must be owned by root and
  must not be writable by group or other ((mode & 033) == 0).
  $HOME/.ssh/verifier must be owned by the user and must not be
  readable by group or other ((mode & 077) == 0). Other verifier files
  must be owned by root and must not be readable by group or other.

* The parameter test code in srp-util.c and tconf2embed.c was missing
  the test for g^2 mod p != 1. Thus 6 was accepted as a primitive
  generator for 7, which it ain't.

* tconf2embed -f means skip the primality check.

* Installation instructions in README.SRP.

Please send all bug reports/patches/complaints to <tomh at po.crl.go.jp>.

Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird effects (one of which is the author)."
    -- Richard Feynman, _There's Plenty of Room at the Bottom_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: srp6.patch.gz
Type: application/octet-stream
Size: 37923 bytes
Desc:
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010411/3cf49d65/attachment.obj
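
Added example, not part of the original message or the srp6 patch: a toy-sized C illustration of the generator test mentioned in the changes list, showing why 6 passes for p = 7 when the g^2 mod p != 1 test is missing. It assumes p is a safe prime p = 2q + 1 and that the pre-fix code tested only g^q mod p != 1; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply; operands stay below 2^32 so products fit in 64 bits. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1 % m;
    for (b %= m; e > 0; e >>= 1) {
        if (e & 1)
            r = (r * b) % m;
        b = (b * b) % m;
    }
    return r;
}

/* ASSUMED pre-fix shape (hypothetical name): only g^q mod p != 1 is tested,
 * where p = 2q + 1 is a safe prime. */
int generator_ok_incomplete(uint32_t g, uint32_t p)
{
    if (g < 2 || g >= p)
        return 0;
    return modpow(g, (p - 1) / 2, p) != 1;
}

/* p - 1 = 2q has prime factors 2 and q, so g is a primitive root only if
 * g^((p-1)/2) = g^q != 1 AND g^((p-1)/q) = g^2 != 1 (mod p). */
int generator_ok(uint32_t g, uint32_t p)
{
    return generator_ok_incomplete(g, p) && modpow(g, 2, p) != 1;
}

/* Count candidates the incomplete test accepts but the full test rejects. */
int count_wrongly_accepted(uint32_t p)
{
    int n = 0;
    for (uint32_t g = 2; g < p; g++)
        if (generator_ok_incomplete(g, p) && !generator_ok(g, p))
            n++;
    return n;
}

int main(void)
{
    const unsigned safe_primes[] = {7, 23, 47};  /* constructed toy moduli */
    for (size_t i = 0; i < 3; i++) {
        unsigned p = safe_primes[i];
        printf("p=%u g=%u: old=%d new=%d (wrongly accepted: %d)\n", p, p - 1,
               generator_ok_incomplete(p - 1, p), generator_ok(p - 1, p),
               count_wrongly_accepted(p));
    }
    return 0;
}
```

For a safe prime with odd q, the one value that slips through the incomplete test is g = p - 1, which has order 2: (p-1)^q is congruent to -1, not 1, so only the g^2 test rejects it.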