Bugtraq mailing list archives
Re: "The End of SSL and SSH?"
From: Ajax <ajax () FIREST0RM ORG>
Date: Wed, 20 Dec 2000 19:38:35 -0600
On Wed, 20 Dec 2000, Crispin Cowan wrote:
Kurt Seifried wrote: SSL, SSH, and PGP each took a different approach to addressing, if not solving, the initial key placement problem, and each has its own strengths & weaknesses:
Allow me to refer everyone to the SRP protocol (http://srp.stanford.edu/), which accomplishes a cryptographically strong password exchange and uses it to establish a session key. This works by assuming you already have a password stored on the remote host (you do, in /etc/shadow), and therefore pushes the initial key placement problem up to account creation time, which we assume is a secure event, right? The only problem with SRP is that it doesn't allow you to verify the trustedness of the client (well, you can, but it requires you to, for example, add an IP address to the username string and store a unique hash for each IP she might be coming from). But, as has been said, key placement is a hard problem.

-=:[ ajax