German mirror provided by / Deutscher Spiegelserver von E-Commerce Onlineshops und Webdesign in Duisburg - obengelb GmbH  &  SEO LEO
 

PuTTY wish srp-auth

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Privacy | Changes | Wishlist

summary: SRP authentication (in SSH and perhaps also Telnet)
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: dormant: This is an old feature request that we no longer think is relevant.

SRP support in SSH, as an alternative to pure password authentication. Possibly also in Telnet.

This would be really useful in SSH, because it removes a lot of the danger of accepting a host key you're uncertain about. The SRP exchange convinces each side that the other side knows the same password, without requiring either side to give the password away to the other - so if you use SRP authentication, you can safely type your password in even if you don't know the remote host key is correct. Moreover, the current drafts of SRP authentication in SSH then use the SRP shared secret to authenticate the SSH host key - so that even if you aren't sure the host key belongs to the host you think it does, you can at least be sure that it does belong to a machine which knows your password. This would be a massive improvement in the SSH host key model.

Resources:

SGT, 2024-11-17: classifying this wish as dormant. Alas, SRP never took off in SSH, and those patches in particular never landed in OpenSSH. I still think it would have been a good thing, because of the ability to verify a host key by the act of successfully logging in – but if there's no community of server software using it, there's no point implementing it in a client.


If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2024-11-17 14:53:03 +0000)