Commit Graph

6 Commits

Author SHA1 Message Date
Damien Miller
18e1cab1a1 - djm@cvs.openbsd.org 2010/09/20 04:54:07
[jpake.c]
     missing #include
2010-09-24 22:07:17 +10:00
Damien Miller
f7540cd5c4 - djm@cvs.openbsd.org 2010/09/20 04:50:53
[jpake.c schnorr.c]
     check that received values are smaller than the group size in the
     disabled and unfinished J-PAKE code.
     avoids catastrophic security failure found by Sebastien Martini
2010-09-24 22:03:24 +10:00
Damien Miller
ea1651c98e - djm@cvs.openbsd.org 2010/07/13 23:13:16
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
     [ssh-rsa.c]
     s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 13:58:37 +10:00
Damien Miller
8a0268f1b3 - djm@cvs.openbsd.org 2010/07/13 11:52:06
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
     [packet.c ssh-rsa.c]
     implement a timing_safe_cmp() function to compare memory without leaking
     timing information by short-circuiting like memcmp() and use it for
     some of the more sensitive comparisons (though nothing high-value was
     readily attackable anyway); "looks ok" markus@
2010-07-16 13:57:51 +10:00
Damien Miller
cee8523314 - djm@cvs.openbsd.org 2009/03/05 07:18:19
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
     [sshconnect2.c]
     refactor the (disabled) Schnorr proof code to make it a little more
     generally useful
2009-03-06 00:58:22 +11:00
Damien Miller
01ed2272a1 - djm@cvs.openbsd.org 2008/11/04 08:22:13
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
     [Makefile.in]
     Add support for an experimental zero-knowledge password authentication
     method using the J-PAKE protocol described in F. Hao, P. Ryan,
     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
     Security Protocols, Cambridge, April 2008.

     This method allows password-based authentication without exposing
     the password to the server. Instead, the client and server exchange
     cryptographic proofs to demonstrate of knowledge of the password while
     revealing nothing useful to an attacker or compromised endpoint.

     This is experimental, work-in-progress code and is presently
     compiled-time disabled (turn on -DJPAKE in Makefile.inc).

     "just commit it.  It isn't too intrusive." deraadt@
2008-11-05 16:20:46 +11:00