Re: RSA keys auth.

2002-01-07 Thread Bear Giles
> Jeffrey Altman wrote: > > > A passphrase consisting of human readable/typable text provides > > approximately 2 bits of entropy per character. > > English text contains approx. 3.5 bits of entropy per character. Password half password of password normal password English password text passwo

Re: RSA keys auth.

2002-01-06 Thread crispin
On Sun, Jan 06, 2002 at 01:04:37PM -0800, Vadim Zaliva wrote: > 2. Challenge-Response > > I do not know yet how to implement this. Advice appreciated. > > 4. RSA keys > > Similar to SSH. I understand that OpenSSL protocol does not have > specific support for this, so it has to be written on to

Re: RSA keys auth.

2002-01-06 Thread David Schwartz
>2. Challenge-Response > >I do not know yet how to implement this. Advice appreciated. The short version of how you do this is that you use some sort of hashing scheme like MD5 or SHA1. During the installation process, you generate a random password (or ask the user to enter one) and y

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Vadim Zaliva <[EMAIL PROTECTED]> writes: > On 6 Jan 2002, Eric Rescorla wrote: > > I would like to thank everybody who responded to my previous messages. > > > This can't be done with SSL exactly the way you want to do it. The > > only way that SSL knows how to carry public keys is via certific

Re: RSA keys auth.

2002-01-06 Thread Rich Salz
Use SRP (http://srp.stanford.edu) over SSL for privacy. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com

Re: RSA keys auth.

2002-01-06 Thread Vadim Zaliva
On 6 Jan 2002, Eric Rescorla wrote: I would like to thank everybody who responded to my previous messages. > This can't be done with SSL exactly the way you want to do it. The > only way that SSL knows how to carry public keys is via certificates. I would love to use certificates, but my proble

Re: RSA keys auth.

2002-01-06 Thread Vadim Zaliva
On Sun, 6 Jan 2002, David Schwartz wrote: > Why not use simple challenge/response password authentication? That is one of the options I am considering. I am not sure how to store password on server side and what would be exchange sequence. Vadim -- "La perfection est atteinte non quand il ne

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > That said, it's not clear how these results apply to passwords. > > The entropy of short chunks of text is lower. > > No. The entropy of short chunks of text, without syntax, is > higher. That's what I meant, higher :)

Re: RSA keys auth.

2002-01-06 Thread Michael Sierchio
Eric Rescorla wrote: > That said, it's not clear how these results apply to passwords. > The entropy of short chunks of text is lower. No. The entropy of short chunks of text, without syntax, is higher. Grammatical text is more redundant. Frequency vocabulary is different from dictionary voca

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > Jeffrey Altman wrote: > > > A passphrase consisting of human readable/typable text provides > > approximately 2 bits of entropy per character. > > English text contains approx. 3.5 bits of entropy per character. This seems high, considering that

Re: RSA keys auth.

2002-01-06 Thread Michael Sierchio
Jeffrey Altman wrote: > A passphrase consisting of human readable/typable text provides > approximately 2 bits of entropy per character. English text contains approx. 3.5 bits of entropy per character.

Re: RSA keys auth.

2002-01-06 Thread Jeffrey Altman
Besides the fact that using raw public/private key pairs is in my mind a disaster waiting to happen to all SSH users: . they have no notion of identity associated with them . they have no notion of trust associated with them . they have no notion of usage associated with them . they have n

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Vadim Zaliva <[EMAIL PROTECTED]> writes: > I am trying to use OpenSSL to build secure authenticated channel between > client and server. I want server to allow connections only from certain > clients, and I want client to be sure it is connected to the right server. > > I see how it could be done

Re: RSA keys auth.

2002-01-06 Thread crispin
On Sun, Jan 06, 2002 at 12:36:22AM -0800, Vadim Zaliva wrote: > Hi! > > I am trying to use OpenSSL to build secure authenticated channel between > client and server. I want server to allow connections only from certain > clients, and I want client to be sure it is connected to the right server. >

Re: RSA keys auth.

2002-01-06 Thread David Schwartz
Why not use simple challenge/response password authentication? -- David Schwartz <[EMAIL PROTECTED]> On Sun, 6 Jan 2002 00:36:22 -0800 (PST), Vadim Zaliva wrote: >Hi! > >I am trying to use OpenSSL to build secure authenticated channel between >client and server. I want server to allow

RSA keys auth.

2002-01-05 Thread Vadim Zaliva
Hi! I am trying to use OpenSSL to build secure authenticated channel between client and server. I want server to allow connections only from certain clients, and I want client to be sure it is connected to the right server. I see how it could be done using certificates. However for my applicatio