[JDEV] digest and ldap and authentication

Thomas Muldowney temas at box5.net
Sun Jul 30 14:03:27 CDT 2000


This is basically a 0k (zero knowledge) system of auth that is currently being
implemented in the new jabberd that is in development.  I'll dig up the 
proposal URL later and post it.  Essentially this will allow the server to use
whatever method it needs.

--temas

On Sun, Jul 30, 2000 at 06:39:53PM +0200, Konrad Podloucky wrote:
> 
> On 30-Jul-2000 Jerrad Pierce enlightened me with:
> > In reply to your message from the not too distant future: next
> > Sunday AD
> > Reply-to: belg4mit at mit.edu
> > Return-receipt-to: belg4mit at mit.edu
> > Organization: a) Discordia b) none c) what's that?
> > Content-Typo: gibberish, charset=ascii-art
> > Date: Sun, 30 Jul 2000 12:16:33 EDT
> > From: Jerrad Pierce <belg4mit>
> > 
> > So why doesn't it just use OTP? (instead of whatever the
> > current password
> > scheme is)
> > 
> OK, I didn't read the complete RFC, but basically the
> OTP-authentication looks like the SKEY-mechanism described in
> Bruce Schneier's "Applied Cryptography".
> 
> Actually it looks like this would work. When creating an account
> the client sends the server x[n] (which is the hash function
> applied n times to the client's secret passphrase) and n. When
> asking for authentication the server sends n - 1 to the client
> and the client computes x[n-1] and sends it back to the server.
> When H(x[n-1]) == x[n] then the client has been successfully
> authenticated and the server stores x[n-1] and n.
> After n-1 times, the client has to send a new x[n] to the
> server. But the user won't have to change his passphrase because
> of the seed mentioned in the RFC (The seed is a random string
> sent to the client which is concatenated to the actual
> passphrase).
> 
> Looks good!
>         Konrad
> 
> 
> 
> ________________________________________________________________
>   .~.   Konrad Podloucky    <konrad at pelimbert.tssc.univie.ac.at> 
>   /V\                  Running GNU/Linux 2.2.17pre3 on an Alpha
>  // \\  GnuPG/PGP-key available by request  
> /(   )\ "It's all fun and games until someone gets hurt...
>  ^^-^^   then it's just fun."
> 
> 
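
The hash-chain exchange described in the quoted message above, as an added example that is not part of the original thread or of jabberd: it registers x[n], answers challenges with x[n-1], and shows that a replayed value and a wrong passphrase are both rejected. SHA-256, the `Server` class, and the account and seed values are assumptions made here, and the RFC's wire encoding is not reproduced.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    # SHA-256 is an assumption of this example; the thread does not name a hash.
    return hashlib.sha256(data).digest()

def chain(passphrase: str, seed: str, n: int) -> bytes:
    """x[n]: H applied n times to seed + passphrase (seed concatenated, as in the thread)."""
    x = (seed + passphrase).encode()
    for _ in range(n):
        x = H(x)
    return x

class Server:
    """Hypothetical server side: stores only seed, counter and the last accepted value."""
    def __init__(self):
        self.accounts = {}  # user -> [seed, n, x[n]]

    def register(self, user, seed, n, x_n):
        self.accounts[user] = [seed, n, x_n]

    def challenge(self, user):
        seed, n, _ = self.accounts[user]
        if n <= 1:
            # x[0] would be the raw seed + passphrase, so the chain ends at x[1].
            raise RuntimeError("chain exhausted: client must register a new x[n]")
        return seed, n - 1

    def verify(self, user, response: bytes) -> bool:
        seed, n, x_n = self.accounts[user]
        if n <= 1 or not hmac.compare_digest(H(response), x_n):
            return False
        # Advance the chain: the accepted value becomes the new reference,
        # so the same response can never verify twice.
        self.accounts[user] = [seed, n - 1, response]
        return True

def demo():
    # Constructed sample data: user, seed and passphrase are made up for this run.
    srv = Server()
    srv.register("alice", "seed1", 4, chain("correct horse", "seed1", 4))
    seed, k = srv.challenge("alice")
    otp = chain("correct horse", seed, k)
    results = [srv.verify("alice", otp), srv.verify("alice", otp)]  # valid, then replay
    seed, k = srv.challenge("alice")
    results.append(srv.verify("alice", chain("wrong", seed, k)))    # wrong passphrase
    results.append(srv.verify("alice", chain("correct horse", seed, k)))
    return results, srv
```

The server never holds the passphrase, only the most recently accepted chain value, which is why a captured response cannot be reused.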