> David Jablon <[EMAIL PROTECTED]> writes:
>
> > If you're thinking about building or modifying a system to take
> > advantage of the latest methods, and your goal is to provide both
> > strength *and* convenience, take a look at the zero-knowledge
> > password protocols. These were specifically designed for
> > strong mutual authentication based on a short secret.
> > EKE, SRP and SPEKE come to mind.
>
> Thanks for the advice. I have heard a little about those protocols;
> enough to suspect that they may be suitable for ssh, but not enough
> to really know what they are like.
>
> > These are available in a variety of forms, and can be used
> > where the host knows either a password, a hashed password, or
> > a public-key that corresponds to a password.
> > The page at www.IntegritySciences.com/links.html lists most
> > of the research in this area.
>
> Thanks. I'll try to read up. One quick question: Are any of these
> methods free from patent-restrictions? As I'm writing free software, I
> really can't use algorithms unless they are either patent-free, or
> available on very liberal licensing terms. I suspect IETF-bias is
> similar, although I in no way speak for the IETF.
>
> Best regards,
> /Niels M�ller
>
Stanford is no longer enforcing their patent on SRP.
I suggest you contact the author
Thomas Wu [EMAIL PROTECTED]
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
