On Mon, May 13, 2002 at 08:52:40AM -0400, Julius Szelagiewicz wrote:
> Patrice,
> Changes would also be needed in the LTSP kernel for direct support
> of ssh. Here are the answers to your 2 questions:
Why? Why couldn't you do all that in user space?
> > I don't understand how you make the client and the server share the keys.
> They really don't - all the storage is on the server, and that's
> how we want it. The client uses public key for encryption.
> > But anybody can use the public key and the login name, then ?
> Yes! This is how public cryptography works. You post your public
> keys and hide the private keys. I use your public key to encrypt a message
> to you, and you are the only one that can read it. So now the system uses
> the private key to decrypt the passphrase.
I think I am a bit lost. However, hoping it will clarify things, I submit what
seems to me a problem of your protocol:
Suppose I am an attacker, at a workstation, and I generate a public/private
key. I send my public key, encrypt a login and then I get the login's
passphrase even if it is not mine.
Pat