authentication (SRP*, DH, TLS)

---

• From: gmu2006@xxxxxxxxx
• Date: 14 Apr 2006 11:02:55 -0700

---

Introduction:
I'm working on a commercial product which was ported from
win32 to GNU/Linux. While doing so we have used TCP/IP
sockets instead of Named Pipes for IPC. By doing so
we've lost the big advantage of having DACLs set on the
named pipes that prevent unauthorized access to the
services.
Now I'm trying to recreate that with the tcp sockets version.
Because of the performance hit we can't use TLS which
checks client+server certificates for preventing MITM.

After evaluating the possibilities I've come to the conclusion
that SRP-6 could be a possible solution.

What I'm trying to find out is:
* is SRP-6 really MITM proof
* how do I prevent using SRP-Z mode which requires royalties
* are there any better implementations than Tom Wu's default
one which when fed to modern compilers like VC8 requires
too much massaging to be compilable and warning-free. I've
not even tried gcc-4.x yet.
* is it legal to use libsrp with the embedded 1996 copy of
getopt.[c,h] which says it is licensed
"GNU Library General Public License" under. actually I'm
not sure (I'll assume this is LGPL) this is legal as LGPL
defines linking against the lib only AFAIK

* what other options do I have to implement secure
authentication (secret not visible on wire) without encrypting
the channel

PS: I may cross-post this initial message in same/similar form
to other groups/lists to get broad feedback. sorry if this
list/group was not the right place to ask (I tried to select
the right lists/groups).

.

---

• Follow-Ups:
  • Re: authentication (SRP*, DH, TLS)
    • From: Joseph Ashwood
  • Re: authentication (SRP*, DH, TLS)
    • From: xmath
  • Re: authentication (SRP*, DH, TLS)
    • From: Paul Rubin
  • Re: authentication (SRP*, DH, TLS)
    • From: karl malbrain

• Prev by Date: Re: RSA Security Hiring Announcement
• Next by Date: Re: Rotor crypto devices: 2N+1 vs Reflector ... how does this impact the "flatness" of the enciphered output?
• Previous by thread: RSA Security Hiring Announcement
• Next by thread: Re: authentication (SRP*, DH, TLS)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Communications Between Program and Controlling Program ... Named pipes if you are working within a single Windows domain (or domains with mutual ... Sockets if you need to work across multiple domains. ... Also, no matter what your protocol is, make sure that you can handle multiple startup ... (microsoft.public.vc.mfc) Re: Best way to do interprocess communication? ... My personal choice would be between named pipes and sockets. ... connectionless and can therefore broadcast. ... app) have a message pump and you can get a window handle, ... (microsoft.public.vc.mfc) IPC : Named Pipes, RPC and Sockets etc. ... In SQL Server BOL it it is mentioned that Named Pipes, RPC and Sockets ... What are these IPC mechanisms? ... (microsoft.public.sqlserver) Re: UFS extended attributes ... On Sun, 9 Apr 2006, Duane Whitty wrote: ... wondering if all types of files have extended attribute blocks available including named pipes, sockets, and device files? ... Extended attribute storage is available for all objects in UFS, including files, directories, named pipes, UNIX domain sockets, and device nodes. ... (freebsd-questions) Re: UFS extended attributes ... On Sun, 9 Apr 2006, Duane Whitty wrote: ... wondering if all types of files have extended attribute blocks available including named pipes, sockets, and device files? ... Extended attribute storage is available for all objects in UFS, including files, directories, named pipes, UNIX domain sockets, and device nodes. ... (freebsd-hackers)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)