summaryrefslogtreecommitdiff
path: root/schnorr.c
AgeCommit message (Collapse)Author
2013-05-16 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41Darren Tucker
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] Fix some "unused result" warnings found via clang and -portable. ok markus@
2010-12-05 - (dtucker) OpenBSD CVS SyncDarren Tucker
- djm@cvs.openbsd.org 2010/12/03 23:49:26 [schnorr.c] check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao (this code is still disabled, but apprently people are treating it as a reference implementation)
2010-09-24 - djm@cvs.openbsd.org 2010/09/20 04:50:53Damien Miller
[jpake.c schnorr.c] check that received values are smaller than the group size in the disabled and unfinished J-PAKE code. avoids catastrophic security failure found by Sebastien Martini
2009-03-07 - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c to use them. Allows building with older OpenSSL versions.
2009-03-06 - djm@cvs.openbsd.org 2009/03/05 07:18:19Damien Miller
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] [sshconnect2.c] refactor the (disabled) Schnorr proof code to make it a little more generally useful
2009-02-21 - djm@cvs.openbsd.org 2009/02/18 04:31:21Damien Miller
[schnorr.c] signature should hash over the entire group, not just the generator (this is still disabled code)
2008-11-05 - djm@cvs.openbsd.org 2008/11/04 08:22:13Damien Miller
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] [Makefile.in] Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@