I think just replacing des keys with AES is not worth it. there is so little data that des is quite secure (imho).
replacing p9sk1 with pki is much more useful. rus posted to 9fans about wanting to do this so a terminal could cache tickets to speed auth when the auth server is remote - I cannot remember the details, sorry. also pki would allow the old 9grid ideas to resurface, if there are enough plan9 machines left :-) -Steve ps. inferno already uses pki, it would be best to be compatible unless there is a very good reason not to be. > On 2 Jul 2015, at 12:37, gracc <oniic...@tfwno.gf> wrote: > > as per http://wiki.9front.org/bounties >>> replace p9sk1 with something better > > I'm looking to start on this, does anyone have thoughts on improvements? > At the moment I am intending to just replace the DES keys with AES but > is there any call for more structural changes? > > I was thinking that an overhaul using public keys might be appropriate > so that the auth server would still be a trusted key holder but without > secret keys having to leave the user's machine. > > (9front mailing list was down so im sending to 9fans instead, sorry if > that's a bother)
