similar to: the "primes" file

This is to announce the availability of SRP (Secure Remote Password) support for OpenSSH. A tarball is available on Tripod: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.2p2-srp5.tar.gz (Note: Tripod requires you to LEFT click on links to download files.) To install, unpack, configure --with-srp, and make install, then create an

On Sun, 29 Apr 2001, RJ Atkinson wrote: > At 06:26 27/04/01, Tom Wu wrote: > >For those of you who were following the discussion about the new draft > >and implementation of SRP-based password authentication in OpenSSH, I > >promised to have Stanford issue the IETF an official, explicit, > >statement reiterating the unencumbered royalty-free licensing terms. > >The

On Wed 2015-05-27 05:23:41 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 15:10:01 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: >> > OEIS A014233 >> >> Hm, this is a sequence, but not an algorithm. It looks to me like it is >> not exhaustive, just a list of those integers which are known to have >> the stated

This is the 2nd beta release of SRP for OpenSSH. The patch attached to this message is relative to the current (20010411) CVS sources of OpenSSH-portable (2.5.4p1). A tarball is also available: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz (Note: Tripod requires you to LEFT click on links to download files, and

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you

I just joined the list, and I see in the archives that about a month ago there was a brief discussion of SRP, but it was dismissed. I urge people to take a look at this site: http://srp.stanford.edu/srp/ It's very cool. Let's say I'm on vacation visiting a friend, and I want to log in to my account back home. I trust my friend's machine, but I don't have my home

G'day, First off, I'm not subscribed to the list, so if there are any responses that should be directed to me, feel free to CC me in :) The below url is an updated patch of Professor Tom's earlier SRP patches for SSH. The only things changed was so that it would compile on a newer openssh version. For more information regarding SRP, see http://srp.stanford.edu This isn't

[I know this is the 'port' list, but I can't find a better place to post this, and with the garbage going on @slashdot I figured I'd get this out. This belongs on sci.crypt or a general OpenSSH mailing list] First, a quick rehash of stuff everyone here already knows, OpenSSH can use two major forms of authentication: 1. Password 2. RSA keys The RSA method is good because it

>Simply stated, SRP is a strong password authentication protocol that >resists passive/active network attack, and when used in conjunction with >OpenSSH, solves the "unknown host key" problem without requiring host >key fingerprint verification or PKI deployment (e.g. X.509 certs). Put >another way, is there any good reason *not* to fold these patches into >OpenSSH

Also, how are default moduli shipped with OpenSSH for use in diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen randomly by developers or are they chosen for security properties? If they are random, why not use moduli from RFC 7919 instead, like Mozilla recommends? On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote: > > Yegor Ievlev <koops1997

Hello all Support for Secure Remote Password (SRP) for OpenSSH was last discussed in 2004: http://marc.info/?l=openssh-unix-dev&w=2&r=1&s=SRP&q=b There's a SRP patch for OpenSSL that's about 2 years in the making: http://rt.openssl.org/Ticket/Display.html?id=1794 Tom Wu from Stanford has been working on that. Has anything changed since 2004 that would make inclusion

I've got an rsync job which is consistently failing, but I've been unable to diagnose the problem. FAQ/Google/docs/etc. checked and no luck. Basically, it looks like the rsync process invoked on the far end is exiting, and then the local process waits until the timeout and exits. Both systems are Sun boxes, Ultra 10 or better with 256+ MB of memory. Rsync version is 2.5.0 on the local

Are there any plans to include support for SRP or a similar zero-knowledge password protocol into OpenSSH? -- Jeremy

In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8. With OpenSSL 1.1 compilation will throw an error. Not sure how to send patches, I don't even know if the patch I wrote actually works (I don't program in C, but gave it a shot anyway) but below is the patch. ---

This includes two kernel patches, scsi-target and IO_CMD_EPOLL_WAIT. The former is a modified version of the scsi target infrastructure in mainline. The latter enables applications to handle AIO and non-AIO fds in the same loop. blktap uses the different patch, AIO event queue patch for the same aim. The IO_CMD_EPOLL_WAIT patch will be merged into mainline (and the AIO event queue will not) so

https://bugzilla.mindrot.org/show_bug.cgi?id=2559 Bug ID: 2559 Summary: Warnings from reading moduli file, refer to primes file Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

This patchset includes an updated version of the SCSI frontend and backend drivers. The frontend and backend drivers exchange SCSI RDMA Protocol (SRP) messages via a ring buffer. The backend driver sends SCSI commands to the user-space daemon, which performs SCSI commands and I/O operations. The backend driver uses VM_FOREIGN feature like the blktap driver for zero-copy of data pages. Like the

>>>>>> facing [ no shared cipher ] error with EC private keys. >>>>> the client connecting to your instance has to support ecdsa >>>>> >>>>> >>>> It does - Thunderbird 60.0b10 (64-bit) >>>> >>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >>>> >>>> It seems there is

I noticed that (perhaps because ':' is invalid in a username) you can say ssh -l user:style host, where the "user:style" is sent by the client, and the server strips the ":style" part off and makes it available as part of the authentication context. It's currently unused. What are the plans for this, if any? I was experimenting with the idea of using it with SRP

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>