- djm@cvs.openbsd.org 2008/11/04 08:22:13

[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] [Makefile.in] Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
author: Damien Miller <djm@mindrot.org> 2008-11-05 16:20:46 +1100
committer: Damien Miller <djm@mindrot.org> 2008-11-05 16:20:46 +1100
commit: 01ed2272a1545336173bf3aef66fbccc3494c8d8 (patch)
tree: a77f115d3b8964f0b6fcc604f9dea87d15143d7e /ChangeLog
parent: 6f66d34308af787613d5525729953665f26367ee (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index cf80ff1e6..012749b0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,25 @@
     [auth.c]
     need unistd.h for close() prototype
     (ID sync only)
+   - djm@cvs.openbsd.org 2008/11/04 08:22:13
+     [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+     [Makefile.in]
+     Add support for an experimental zero-knowledge password authentication
+     method using the J-PAKE protocol described in F. Hao, P. Ryan,
+     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+     Security Protocols, Cambridge, April 2008.
+     
+     This method allows password-based authentication without exposing
+     the password to the server. Instead, the client and server exchange
+     cryptographic proofs to demonstrate of knowledge of the password while
+     revealing nothing useful to an attacker or compromised endpoint.
+     
+     This is experimental, work-in-progress code and is presently
+     compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+     
+     "just commit it.  It isn't too intrusive." deraadt@
 20081103
 - OpenBSD CVS Sync
@@ -4857,4 +4876,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.5129 2008/11/05 05:12:54 djm Exp $
+$Id: ChangeLog,v 1.5130 2008/11/05 05:20:46 djm Exp $
author	Damien Miller <djm@mindrot.org>	2008-11-05 16:20:46 +1100
committer	Damien Miller <djm@mindrot.org>	2008-11-05 16:20:46 +1100
commit	01ed2272a1545336173bf3aef66fbccc3494c8d8 (patch)
tree	a77f115d3b8964f0b6fcc604f9dea87d15143d7e /ChangeLog
parent	6f66d34308af787613d5525729953665f26367ee (diff)

diff --git a/ChangeLog b/ChangeLog index cf80ff1e6..012749b0d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -7,6 +7,25 @@
7	[auth.c]	7	[auth.c]
8	need unistd.h for close() prototype	8	need unistd.h for close() prototype
9	(ID sync only)	9	(ID sync only)
		10	- djm@cvs.openbsd.org 2008/11/04 08:22:13
		11	[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
		12	[readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
		13	[sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
		14	[Makefile.in]
		15	Add support for an experimental zero-knowledge password authentication
		16	method using the J-PAKE protocol described in F. Hao, P. Ryan,
		17	"Password Authenticated Key Exchange by Juggling", 16th Workshop on
		18	Security Protocols, Cambridge, April 2008.
		19
		20	This method allows password-based authentication without exposing
		21	the password to the server. Instead, the client and server exchange
		22	cryptographic proofs to demonstrate of knowledge of the password while
		23	revealing nothing useful to an attacker or compromised endpoint.
		24
		25	This is experimental, work-in-progress code and is presently
		26	compiled-time disabled (turn on -DJPAKE in Makefile.inc).
		27
		28	"just commit it. It isn't too intrusive." deraadt@
10		29
11	20081103	30	20081103
12	- OpenBSD CVS Sync	31	- OpenBSD CVS Sync
@@ -4857,4 +4876,4 @@
4857	OpenServer 6 and add osr5bigcrypt support so when someone migrates	4876	OpenServer 6 and add osr5bigcrypt support so when someone migrates
4858	passwords between UnixWare and OpenServer they will still work. OK dtucker@	4877	passwords between UnixWare and OpenServer they will still work. OK dtucker@
4859		4878
4860	$Id: ChangeLog,v 1.5129 2008/11/05 05:12:54 djm Exp $	4879	$Id: ChangeLog,v 1.5130 2008/11/05 05:20:46 djm Exp $