Kris Kennaway wrote:
>
> On Fri, 13 Aug 1999, Dave Walton wrote:
>
> > If you really want to work on an encrypted telnet, check out The
> > Stanford SRP Authentication Project (http://srp.stanford.edu/srp/).
> > I'd love to see SRP integrated into the FreeBSD telnet/telnetd.
>
> I got started on this, to the extent of storing the SRP data in the passwd
> file as an additional password crypt() method

That will be incompatible with folks who, for example, use the old style passwords in a YP map in order to be compatible with other platforms in the same domain. As long as you require a shared secret there will be either extra overhead to maintain it (in a separate password database) or an exclusion of some platforms because of inabilities to generate the shared secret (because they have different crypt()s than we do). Not requiring a shared secret allows monkey-in-the-middle. But the goal here is to do better than nothing at all while not adding any administrative overhead. If you add overhead, people won't use it. SRA is a compromise between security and ease of use. "Compromise" is not a four letter word.