[JDEV] What is: 'zero-knowledge authentication support'?
David Waite
dwaite at jabber.com
Wed Nov 1 18:19:30 CST 2000
Basically, a hash of the password is stored on the server, along with the
total number of iterations needed to create it. For instance:
1a3d234f31312aabbccdd300ab1354e5fe01,386.
The server sends the client the count. The client then iterates the count
minus one, and sends this to the server. The server performs an iteration on
this, and compares the results for equivalence. It then stores the new
number and count, to prevent replays.
So what happens when the count reaches zero? Some other, nondefined method
(SSL connection, external re-seeding) happens, preferably with a new
password.
-David Waite
> Hi,
>
> Can someone explain the "zero-knowledge authentication support" that Jer
> mentions in his 1.2 Release news article? How do I use it?
>
> Thanks, Oliver.
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
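
The exchange described in the message above, as an added example that is not part of the original post and not Jabber's own code. SHA-256, the class and function names, and the sample password are assumptions; the message does not name the hash function.

```python
import hashlib
import hmac

def iterate(value: bytes, count: int) -> bytes:
    """Apply the hash `count` times (SHA-256 is an assumption)."""
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value

class Server:
    """Holds only the current chain value and its iteration count."""
    def __init__(self, stored: bytes, count: int):
        self.stored, self.count = stored, count

    def challenge(self) -> int:
        # Count zero means the chain is used up; the post leaves the
        # re-seeding method undefined (SSL connection, external re-seeding).
        if self.count <= 0:
            raise RuntimeError("chain exhausted: re-seed over another channel")
        return self.count

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False
        # One more iteration on the response must reproduce the stored value.
        if not hmac.compare_digest(iterate(response, 1), self.stored):
            return False
        # Store the new value and count so this response cannot be replayed.
        self.stored, self.count = response, self.count - 1
        return True

def client_response(password: bytes, count: int) -> bytes:
    # "Iterates the count minus one". At count == 1 this is zero iterations,
    # so the final response is the un-iterated input itself.
    return iterate(password, count - 1)

def demo():
    password = b"constructed-sample-password"       # constructed sample value
    server = Server(iterate(password, 3), 3)        # enrollment: (hash, count)
    results = []
    while server.count > 0:
        n = server.challenge()
        response = client_response(password, n)
        results.append((n, server.verify(response)))
        results.append(("replay", server.verify(response)))  # same bytes again
    return results, server.count

if __name__ == "__main__":
    print(demo())
```
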