    - djm@cvs.openbsd.org 2008/11/04 08:22:13 · 01ed2272
    Damien Miller authored
         [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
         [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
         [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
         Add support for an experimental zero-knowledge password authentication
         method using the J-PAKE protocol described in F. Hao, P. Ryan,
         "Password Authenticated Key Exchange by Juggling", 16th Workshop on
         Security Protocols, Cambridge, April 2008.
         This method allows password-based authentication without exposing
         the password to the server. Instead, the client and server exchange
         cryptographic proofs to demonstrate knowledge of the password while
         revealing nothing useful to an attacker or compromised endpoint.
         This is experimental, work-in-progress code and is presently
         compile-time disabled (turn on -DJPAKE in Makefile.inc).
         "just commit it.  It isn't too intrusive." deraadt@
auth2.c 9.96 KB