Secure Remote Password (SRP) #132

Open
martinmcclure opened this issue Jul 16, 2022 · 0 comments
Labels
enhancement New feature or request

@martinmcclure

Many possible applications of RSR (and some existing applications) require authentication of connections. The SRP protocol has some good properties that make it desirable for this purpose:

  • Already used by GemStone for username/password logins
  • Supported by OpenSSL starting with version 1.0.1
  • The server does not store any form of the password, just a salt and a verifier, from which the password cannot be derived
  • The authentication handshake is immune to eavesdropping and man-in-the-middle attacks
  • If desired, successful authentication results in an encrypted connection

This wouldn't necessarily have to be a part of the core RSR framework -- it seems likely to be possible to implement it as part of a suite of services that support various authentication methods. Some hooks into the RSR framework would likely be required.

@martinmcclure martinmcclure added the enhancement New feature or request label Jul 16, 2022
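
An added sketch, not part of the issue and not RSR, GemStone or OpenSSL code, of the two SRP properties listed above: the server record holds only a salt and a verifier, and both ends derive the same session key without the password crossing the wire. It assumes SRP-6a with SHA-256 and the RFC 5054 1024-bit group, replaces the standard M1/M2 proof messages with a simplified HMAC key proof, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# RFC 5054 Appendix A 1024-bit group, generator 2. Kept small for the demo;
# a deployment would pick one of the larger groups.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2
NLEN = (N.bit_length() + 7) // 8

def pad(n):                      # fixed-width big-endian encoding of a group element
    return n.to_bytes(NLEN, "big")

def H(*parts):                   # SHA-256 as an integer (hash choice is an assumption)
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

K = H(pad(N), pad(G))            # SRP-6a multiplier k

def private_x(salt, user, password):
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())

def enroll(user, password):
    """Server-side record: salt and verifier v = g^x mod N, nothing else."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, private_x(salt, user, password), N)

def server_key(verifier, b, A, B):
    if A % N == 0:               # mandatory check: such an A fixes S = 0 for any password
        raise ValueError("rejecting client value A = 0 mod N")
    u = H(pad(A), pad(B))
    return hashlib.sha256(pad(pow(A * pow(verifier, u, N) % N, b, N))).digest()

def client_key(user, password, salt, a, A, B):
    if B % N == 0:               # mirror check on the server's public value
        raise ValueError("rejecting server value B = 0 mod N")
    u, x = H(pad(A), pad(B)), private_x(salt, user, password)
    S = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    return hashlib.sha256(pad(S)).digest()

def handshake(user, typed_password, salt, verifier):
    """Run both sides in-process; True if the client's key proof verifies."""
    a, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    A = pow(G, a, N)                          # client -> server
    B = (K * verifier + pow(G, b, N)) % N     # server -> client
    kc = client_key(user, typed_password, salt, a, A, B)
    ks = server_key(verifier, b, A, B)
    proof = hmac.new(kc, pad(A) + pad(B), "sha256").digest()  # simplified key proof
    return hmac.compare_digest(proof, hmac.new(ks, pad(A) + pad(B), "sha256").digest())
```

The derived key is what a transport layer would use if the connection is to be encrypted after authentication.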