Re: agent draft (was Re: Secure Shell: Milestone Update.)

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: agent draft (was Re: Secure Shell: Milestone Update.)
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 21 Mar 2005 09:52:21 +0100

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> On Friday, March 18, 2005 02:44:00 PM +0100 Niels Möller
> <nisse%lysator.liu.se@localhost> wrote:

> > Login: Client asks server for encrypted private key. User types in
> > passphrase to decrypt it. Key is used to sign the session id, just
> > like for plain publickey authentication.

[...]

> My main concern at the moment is that the approach you describe would
> make it fairly easy to obtain a copy of the encrypted private key on
> which to perform an offline dictionary attack...

Right. That's why one would want to use something more sophisticated,
like SRP.

Regards,
/Niels

References:
- Re: agent draft (was Re: Secure Shell: Milestone Update.)
  - From: Simon Tatham
- Re: agent draft (was Re: Secure Shell: Milestone Update.)
  - From: Niels Möller
- Re: agent draft (was Re: Secure Shell: Milestone Update.)
  - From: Jeffrey Hutzelman

Prev by Date: Re: agent draft (was Re: Secure Shell: Milestone Update.)
Next by Date: Re: latest drafts
Previous by Thread: Re: agent draft (was Re: Secure Shell: Milestone Update.)
Next by Thread: publickeyfile draft (was Re: Secure Shell: Milestone Update.)
Indexes:

Home | Main Index | Thread Index | Old Index