Re: SSH vs encrypted passwords
From: Jonathan H N Chin (jc254_at_newton.cam.ac.uk)
Date: 11/11/04
- Next message: Stephan Goeldi: "Re: SSH vs encrypted passwords"
- Previous message: Casper H.S. Dik: "Re: SSH vs encrypted passwords"
- In reply to: Lawrence D'Oliveiro: "Re: SSH vs encrypted passwords"
- Next in thread: Lawrence D'Oliveiro: "Re: SSH vs encrypted passwords"
- Reply: Lawrence D'Oliveiro: "Re: SSH vs encrypted passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 11 Nov 2004 09:54:14 GMT
Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> writes:
> jc254@newton.cam.ac.uk (Jonathan H N Chin) wrote:
>>The server *can* determine the unencrypted password, because
>>the client transmits a plaintext copy of it to the server:
>No way would that happen, because a spoofing server could then steal the
>password.
You are correct that a spoofing server could steal the password.
You are wrong that this means that the password is not sent.
It is sent and, yes, that is a weakness of the protocol.
Different protocols (such as SRP that I mentioned earlier,
and even some of the other ssh authentication methods) do protect
against this kind of "snooping".
You elided the reference I gave to the ssh authentication
protocol specification. Here it is again:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-userauth-22.txt
Here is the relevant section from that document, where it is
stated categorically that the password *is* sent in plaintext
(although over an encrypted channel, so the server can read it,
but any snoopers will find it hard to do so):
|8. Password Authentication Method: password
|
| Password authentication uses the following packets. Note that a
| server MAY request the user to change the password. All
| implementations SHOULD support password authentication.
|
| byte SSH_MSG_USERAUTH_REQUEST
| string user name
| string service
| string "password"
| boolean FALSE
| string plaintext password in ISO-10646 UTF-8 encoding
^^^^^^^^^^^^^^^^^^
|
| Note that the 'plaintext password' value is encoded in ISO-10646
| UTF-8. It is up to the server how it interprets the password and
| validates it against the password database. [...]
|
| Note that even though the cleartext password is transmitted in the
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| packet, the entire packet is encrypted by the transport layer. Both
| the server and the client should check whether the underlying
| transport layer provides confidentiality (i.e., if encryption is
| being used). If no confidentiality is provided (none cipher),
| password authentication SHOULD be disabled. If there is no
| confidentiality or no MAC, password change SHOULD be disabled.
-jonathan
--
Jonathan H N Chin, 2 dan | deputy computer | Newton Institute, Cambridge, UK
<jc254@newton.cam.ac.uk> | systems mangler | tel/fax: +44 1223 767091/330508
"respondeo etsi mutabor" --Rosenstock-Huessy
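The packet layout quoted above can be checked directly. The following is an added example, not code from the post or from any SSH implementation: it builds an SSH_MSG_USERAUTH_REQUEST for the "password" method using the SSH wire encoding (a uint32 big-endian length prefix for each "string", one byte for "boolean"), parses it back the way a server would, and applies the policy from the last quoted paragraph (refuse password authentication over a "none" cipher, refuse password change when either cipher or MAC is "none"). The user name, service name and password are constructed sample values; the message number 50 is the one assigned to SSH_MSG_USERAUTH_REQUEST in the userauth specification.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number assigned by the secsh userauth spec


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_password_request(user: str, service: str, password: str,
                           new_password: str = None) -> bytes:
    """Build SSH_MSG_USERAUTH_REQUEST for method "password".

    With new_password set, the boolean is TRUE and the packet carries the
    old password followed by the new one (the password-change variant).
    """
    change = new_password is not None
    pkt = (bytes([SSH_MSG_USERAUTH_REQUEST])
           + ssh_string(user.encode("utf-8"))
           + ssh_string(service.encode("utf-8"))
           + ssh_string(b"password")
           + bytes([1 if change else 0])
           + ssh_string(password.encode("utf-8")))       # plaintext, UTF-8
    if change:
        pkt += ssh_string(new_password.encode("utf-8"))
    return pkt


def _read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset off; returns (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + n], off + n


def parse_userauth_request(packet: bytes) -> dict:
    """Server-side view of the request: the password comes out as plaintext."""
    if not packet or packet[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not an SSH_MSG_USERAUTH_REQUEST")
    off = 1
    user, off = _read_string(packet, off)
    service, off = _read_string(packet, off)
    method, off = _read_string(packet, off)
    fields = {"user": user.decode("utf-8"),
              "service": service.decode("utf-8"),
              "method": method.decode("utf-8")}
    if method == b"password":
        if off >= len(packet):
            raise ValueError("missing boolean")
        change = packet[off] != 0
        off += 1
        pw, off = _read_string(packet, off)
        fields["change"] = change
        fields["password"] = pw.decode("utf-8")
        if change:
            new_pw, off = _read_string(packet, off)
            fields["new_password"] = new_pw.decode("utf-8")
    if off != len(packet):
        raise ValueError("trailing bytes after request")
    return fields


def server_accepts_password_auth(cipher: str, mac: str, change: bool) -> bool:
    """Policy from the spec: no confidentiality -> no password auth;
    no confidentiality or no MAC -> no password change."""
    if cipher == "none":
        return False
    if change and mac == "none":
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pkt = build_password_request("alice", "ssh-connection", "hunter2")
    print(parse_userauth_request(pkt))
    print(b"hunter2" in pkt)  # the server (or a spoofing server) sees it as-is
```

The point the post makes is visible in the last line: the password bytes sit in the packet unchanged, so whoever terminates the transport-layer encryption reads them, which is exactly why the spec ties password authentication to the transport providing confidentiality.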