Re: SSH vs encrypted passwords
From: Jonathan H N Chin (jc254_at_newton.cam.ac.uk)
Date: 11 Nov 2004 09:54:14 GMT
Lawrence DčOliveiro <firstname.lastname@example.org_zealand> writes:
> email@example.com (Jonathan H N Chin) wrote:
>>The server *can* determine the unencrypted password, because
>>the client transmits a plaintext copy of it to the server:
>No way would that happen, because a spoofing server could then steal the
You are correct that a spoofing server could steal the password.
You are wrong that this means that the password is not sent.
It is sent and, yes, that is a weakness of the protocol.
Different protocols (such as SRP that I mentioned earlier,
and even some of the other ssh authentication methods) do protect
against this kind of "snooping".
You elided the reference I gave to the ssh authentication
protocol specification. Here it is again:
Here is the relevant section from that document, where it is
stated categorically that the password *is* sent in plaintext
(although over an encrypted channel; So the server can read it,
but any snoopers will find it hard to do so):
|8. Password Authentication Method: password
| Password authentication uses the following packets. Note that a
| server MAY request the user to change the password. All
| implementations SHOULD support password authentication.
| byte SSH_MSG_USERAUTH_REQUEST
| string user name
| string service
| string "password"
| boolean FALSE
| string plaintext password in ISO-10646 UTF-8 encoding
| Note that the 'plaintext password' value is encoded in ISO-10646
| UTF-8. It is up to the server how it interprets the password and
| validates it against the password database. [...]
| Note that even though the cleartext password is transmitted in the
| packet, the entire packet is encrypted by the transport layer. Both
| the server and the client should check whether the underlying
| transport layer provides confidentiality (i.e., if encryption is
| being used). If no confidentiality is provided (none cipher),
| password authentication SHOULD be disabled. If there is no
| confidentiality or no MAC, password change SHOULD be disabled.
-- Jonathan H N Chin, 2 dan | deputy computer | Newton Institute, Cambridge, UK <firstname.lastname@example.org> | systems mangler | tel/fax: +44 1223 767091/330508 "respondeo etsi mutabor" --Rosenstock-Huessy