>>>>> "Noel" == Noel L Yap <[EMAIL PROTECTED]> writes:
> Has anyone thought of implementing SRP in CVS? FYI, SRP stands
> for Secure Remote Password. The protocol enables password
> authentication without sending passwords through the wire either
> in plaintext or encrypted. I'm thinking this protocol, coupled
> with cookie (ie .cvspass) aging, would greatly increase the
> security of pserver.

I took a peek at SRP 6-8 months ago for this very purpose. The
algorithm discussed in the white paper sounded very good. The only
advantage I saw was that the data sent to the pserver could not easily
be used to gain unauthorized access to the server. This means a third
party could not sniff the authorization packets and use the
information at a later time to establish an unauthorized connection.

I took an hour or so to look at the SRP code. Nothing immediately
jumped out at me as how to integrate SRP with CVS.

My $.02,
Mike Sutton | public class
SAIC | software_failure : management_failure
Beavercreek, OH |
[EMAIL PROTECTED] | These are MY opinions, not SAIC's
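
The replay resistance described in the message above, as an added example that is not part of the original thread, of CVS, or of the SRP distribution: a minimal SRP-6a style exchange in Python showing that a captured login fails when replayed on a new connection. The toy group (N = 2^521 - 1, g = 3), SHA-256 hashing, all function and class names, and the credentials are assumptions made for the illustration.

```python
import hashlib, secrets

# Toy group, an assumption for illustration; real SRP uses RFC 5054 safe-prime groups.
N, g = 2**521 - 1, 3

def H(*parts):
    # SHA-256 over length-prefixed parts (ints, bytes or str), returned as an integer.
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        p = p.encode() if isinstance(p, str) else p
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def enroll(user, password):
    # The server stores only (salt, verifier), never the password.
    salt = secrets.token_bytes(16)
    return salt, pow(g, H(salt, user, password), N)

class ServerSession:
    def __init__(self, salt, v):
        self.v = v
        self.b = secrets.randbelow(N - 2) + 1      # fresh secret per connection
        self.B = (k * v + pow(g, self.b, N)) % N   # sent to the client with the salt

    def check(self, A, M):
        if A % N == 0:                             # degenerate A would force S = 0
            return False
        u = H(A, self.B)
        S = pow(A * pow(self.v, u, N), self.b, N)
        return M == H(A, self.B, S)

def client_login(user, password, salt, B):
    # Returns what the client puts on the wire: public value A and proof M.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    u, x = H(A, B), H(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return A, H(A, B, S)

def demo():
    salt, v = enroll("noel", "hunter2")            # constructed credentials
    s1 = ServerSession(salt, v)
    A, M = client_login("noel", "hunter2", salt, s1.B)
    legit = s1.check(A, M)
    replayed = ServerSession(salt, v).check(A, M)  # sniffed (A, M) on a new connection
    s3 = ServerSession(salt, v)
    guess = s3.check(*client_login("noel", "wrong-guess", salt, s3.B))
    return legit, replayed, guess
```

Only the salt, A, B and the proof M cross the wire; because the server picks a new `b` for every connection, a proof captured from one session does not verify in the next.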