[18276] in bugtraq
Re: "The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Thu Dec 21 13:47:22 2000
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
Message-ID: <kj7l4ufclg.fsf@romeo.rtfm.com>
Date: Wed, 20 Dec 2000 23:38:35 -0800
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@SPEEDY.RTFM.COM>
X-To: Ajax <ajax@FIREST0RM.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Ajax's message of "Wed, 20 Dec 2000 19:38:35 -0600"
Ajax <ajax@FIREST0RM.ORG> writes:
> On Wed, 20 Dec 2000, Crispin Cowan wrote:
>
> > Kurt Seifried wrote:
> >
> > SSL, SSH, and PGP each took a different approach to addressing, if not
> > solving, the initial key placement problem, and each has its own
> > strengths & weaknesses:
>
> Allow me to refer everyone to the SRP protocol (http://srp.stanford.edu/),
> which accomplishes a cryptographically strong password exchange and uses
> it to establish a session key. This works by assuming you already have a
> password stored on the remote host (you do, in /etc/shadow), and therefore
> pushes the initial key placement problem up to account creation time,
> which we assume is a secure event, right?
This is fine for replacing SSH, but it's not very useful for the
most common application of SSL--credit card submission. It's only
useful when the two parties have some prior arrangement.
Incidentally, SRP is only the latest in a long line of what
are known as "strong password protocols". The original one
of which is Bellovin and Merritt's EKE. For more than you ever
wanted to know about this topic check out:
http://www.integritysciences.com/
-Ekr
