PuTTY wish srp-auth

This is a mirror. The primary PuTTY web site can be found here.

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: SRP authentication (in SSH and perhaps also Telnet)
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: medium: This should be fixed one day.

SRP support in SSH, as an alternative to pure password authentication. Possibly also in Telnet.

This would be really useful in SSH, because it removes a lot of the danger of accepting a host key you're uncertain about. The SRP exchange convinces each side that the other side knows the same password, without requiring either side to give the password away to the other - so if you use SRP authentication, you can safely type your password in even if you don't know the remote host key is correct. Moreover, the current drafts of SRP authentication in SSH then use the SRP shared secret to authenticate the SSH host key - so that even if you aren't sure the host key belongs to the host you think it does, you can at least be sure that it does belong to a machine which knows your password. This would be a massive improvement in the SSH host key model.

Resources:

Audit trail for this wish.


If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2004-11-16 15:27:00 +0000)