search for: srp

I just joined the list, and I see in the archives that about a month ago there was a brief discussion of SRP, but it was dismissed. I urge people to take a look at this site: http://srp.stanford.edu/srp/ It's very cool. Let's say I'm on vacation visiting a friend, and I want to log in to my account back home. I trust my friend's machine, but I don't have my home machine's publ...

>Simply stated, SRP is a strong password authentication protocol that >resists passive/active network attack, and when used in conjunction with >OpenSSH, solves the "unknown host key" problem without requiring host >key fingerprint verification or PKI deployment (e.g. X.509 certs). Put >another...

This is to announce the availability of SRP (Secure Remote Password) support for OpenSSH. A tarball is available on Tripod: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.2p2-srp5.tar.gz (Note: Tripod requires you to LEFT click on links to download files.) To install, unpack...

G'day, First off, I'm not subscribed to the list, so if there are any responses that should be directed to me, feel free to CC me in :) The below url is an updated patch of Professor Tom's earlier SRP patches for SSH. The only things changed was so that it would compile on a newer openssh version. For more information regarding SRP, see http://srp.stanford.edu This isn't intended to be applied by mainstream, just more for people who are interested in a SRP enabled OpenSSH. I haven't lo...

Are there any plans to include support for SRP or a similar zero-knowledge password protocol into OpenSSH? -- Jeremy

On Sun, 29 Apr 2001, RJ Atkinson wrote: > At 06:26 27/04/01, Tom Wu wrote: > >For those of you who were following the discussion about the new draft > >and implementation of SRP-based password authentication in OpenSSH, I > >promised to have Stanford issue the IETF an official, explicit, > >statement reiterating the unencumbered royalty-free licensing terms. > >The new statement is now available from the IETF's IPR page. > > Thanks. > > Fo...

In message <Pine.LNX.4.30.0104031615270.8678-100000 at holly.crl.go.jp>, Tom Holro yd writes: >SRP has different requirements from Diffie-Hellman. In particular, >for SRP the generator must be primitive. It turns out that the "primes" >file contains only safe primes with primitive generators, and is thus >ideal for SRP, but so far in OpenSSH it has only been used for DH, &gt...

...rity against that. For the rest of this message, we will assume a password is indeed a shared secret. This makes sence because if it's not a secret, your security is gone anyways. My scheme does not further reduce security in the situation where the password is comprimised. First go to http://srp.stanford.edu/srp/ and read up on SRP. SRP is a password authentication system with the following properties: * 'Shadowed' password data stored on server. It's computationally inplusable that an attacker could derrive the password from the 'shadow' (like MD5). * The client sends...

This is the 2nd beta release of SRP for OpenSSH. The patch attached to this message is relative to the current (20010411) CVS sources of OpenSSH-portable (2.5.4p1). A tarball is also available: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz (Note: Tri...

Hello all Support for Secure Remote Password (SRP) for OpenSSH was last discussed in 2004: http://marc.info/?l=openssh-unix-dev&w=2&r=1&s=SRP&q=b There's a SRP patch for OpenSSL that's about 2 years in the making: http://rt.openssl.org/Ticket/Display.html?id=1794 Tom Wu from Stanford has been working on that. Has anyth...

this patch fixes the following problem: x86_64-unknown-linux-gnu-gcc -nostdinc -fno-builtin -fno-common -fno-strict-aliasing -iwithprefix include -Wall -Werror -Wno-pointer-arith -pipe -I/home/srp/darcs/xen-64-4/xen/include -I/home/srp/darcs/xen-64-4/xen/include/asm-x86/mach-generic -I/home/srp/darcs/xen-64-4/xen/include/asm-x86/mach-default -O3 -fomit-frame-pointer -msoft-float -m64 -mno-red-zone -fpic -fno-reorder-blocks -fno-asynchronous-unwind-tables -g -DVERBOSE -c x86_64/usercopy.c -o...

Just wondering if there were any plans to integrate SRP support into OpenSSH. And if there aren't would a patch be accepted that would enable such. And if so could anyone give me a couple of pointers as to where the authentication code goes. Edward Flick

Dear members. I'm looking for best practice for administration Infiniband SRP volume with libvirt (virsh) How to manage these volumes? * SRP Disk is /dev/disk/by-id/scsi-2766f6c3030303037 or /dev/sdi Now I edited guest domain file with ``virsh edit XXXX'' command and append the following lines. <disk type='block' device='disk'&g...

...0xFFBEFAE0) = 0 lstat64("toolbox/spicenet2G6", 0xFFBEFAE0) = 0 lstat64("toolbox/spicenet2G6", 0xFFBEF1D8) = 0 lstat64("toolbox/spicenet2G6.SpiceNet2G6.attr", 0xFFBEFAE0) = 0 lstat64("toolbox/spicenet2G6/spicenet2G6.qual", 0xFFBEFAE0) = 0 lstat64("toolbox/srp", 0xFFBEFAE0) = 0 lstat64("toolbox/srp", 0xFFBEF1D8) = 0 lstat64("toolbox/srp.mgc_srp_tool.attr", 0xFFBEFAE0) = 0 lstat64("toolbox/srp/srp.qual", 0xFFBEFAE0) = 0 lstat64("toolbox/test_fablink", 0xFFBEFAE0) = 0 lstat64("toolbox/test_fablink",...

For those of you who were following the discussion about the new draft and implementation of SRP-based password authentication in OpenSSH, I promised to have Stanford issue the IETF an official, explicit, statement reiterating the unencumbered royalty-free licensing terms. The new statement is now available from the IETF's IPR page. Tom

I have uploaded a new release of the OpenSSH (portable) SRP patch. This version is vs. the 20010625 openssh_cvs; there are no other changes. You can find it here: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.tar.bz2 http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.patch.bz2 T...

Hello All, I am new to samba and need some help from the samba experts. I have installed, configured and running samba 2.03 on IRIX 6.5 It is working pretty well with encrypted password on. I have converted the /etc/passwd file to smbpasswd with mksmbpasswd script which generated 32X's format as stated in the documentation. Now the problems is, this smbpasswd file generated is not the

I''m in the process of locking down as much of my systems here as possible as to available ports. I am down to only a handful but am not sure how much of a security risk they pose and was wondering if anyone here might be able to comment, or suggest secure versions to run: 21/FTP (WU-ftpd v2.4.2 BETA 14) 22/SSH (1.22) 23/TELNET (Netkit 0.09) 25/SMTP (Sendmail

...>> Expansion: NONE >> No ALPN negotiated >> SSL-Session: >> ??? Protocol? : TLSv1.2 >> ??? Cipher??? : 0000 >> ??? Session-ID: >> ??? Session-ID-ctx: >> ??? Master-Key: >> ??? PSK identity: None >> ??? PSK identity hint: None >> ??? SRP username: None >> ??? Start Time: 1532969474 >> ??? Timeout?? : 7200 (sec) >> ??? Verify return code: 0 (ok) >> ??? Extended master secret: no >> >> --- >> >> and this for the certificate where the csr is generated with a RSA >> private key: &gt...

...figuring-laps-for-samba-ad >> >> >> >> - Kees. >> >> > > Let me say at the start, I do not use LAPS, but isn't the TranquilIT > page about using the legacy version and there appears to be a new kid > in town ? > > Rowland I think that is SRP, which is described in the same document. - Kees.