Displaying 1 result from an estimated 1 matches for "inplus".
Did you mean:
icplus
2000 Feb 24
1
Making password driven SSH 'immune' to MTM attacks.
...me does not further reduce security in the situation
where the password is comprimised.
First go to http://srp.stanford.edu/srp/ and read up on SRP. SRP is a
password authentication system with the following properties:
* 'Shadowed' password data stored on server. It's computationally
inplusable that an attacker could derrive the password from the 'shadow'
(like MD5).
* The client sends NON plain-text equivlent data across the wire.
* It's infeasable for an MTM attack to occure unless the MTM knows either
the 'shadow' from the server, or the plain-text password (in...