Jedi/Sector One's random thoughts

A zero-knowledge password authentication method

written by jedi on November 4th, 2008 @ 11:14 AM

The J-PAKE method (just implemented in OpenSSH and OpenSSL) allows password-based authentication without exposing the password to the server.

Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.

Direct link to the the document: Password Authenticated Key Exchange by Juggling and to the announce (with links to source code in C and Java).

0 comments

Comments are closed

Frank DENIS

Here's my little blog about computing, music, nails and everything cool.

Search

Recent

Articles feed

CloudKit: RESTful versioned storage of JSON data (December 30th)
Signals and slots in Javascript (December 15th)
Scientists extract images directly from brain (December 14th)
PHP-FPM 0.5.10 has been released (December 14th)
A MySQL UDF for top N sort (December 14th)
Google's browser security handbook (December 11th)
0MQ 0.4 has been released, now under LGPL (December 9th)
An iPhone temperature app using... crickets as sensors (December 9th)
A YARV to LLVM compiler (December 8th)
PHP 5.2.8 is out (December 8th)
Running native code on the web (December 8th)
Fix iTerm crash in multi-user mode (December 8th)
New version of Ruby Enterprise Edition released (December 8th)
Bypassing face-recognition systems (December 8th)
Easily download the files of a web site (December 8th)

Comments feed

Mayuresh Kathe on An iPhone temperature app using... crickets as sensors
Mayuresh Kathe on Scientists extract images directly from brain
Hideki Miura on A YARV to LLVM compiler
Graham on A YARV to LLVM compiler
Frank on Yes, 6 x 9 = 42
Xavier Nicollet on Yes, 6 x 9 = 42
doxa on Big life secret: how I manage my money
H on Recent security flaws you might care about
paul tergeist on Big life secret: how I manage my money
xave on Optimize your Firefox SQLite databases
Frank on Big life secret: how I manage my money
Damien on Big life secret: how I manage my money
Mathieu on Big life secret: how I manage my money
doxa on Big life secret: how I manage my money
Steve F. on What's the fastest in-memory associative arrays library?

tags:

00f,blog 0mq adams age ajax apache maxkeepaliverequests assembler assembly audition,ears authentication bank benchmark,ruby,php blog bluetooth,sniffer bouncer brain broadcom,wireless browser bugs cabinet cache center chrome clickjacking client close cloudkit code insee code postal communes concurrency connection coordonnées cosinus couchdb cricket crypto css css3 data database database engine disk scheduler djb dns douglas download dragonflybsd dying ecommerce edition emacs embedded engine enterprise excel explorer face fast fastcgi fdm filesystem filesystem,chironfs filesystems,ufs2 firefox flash gema gentoo gettext google graphics hack hammer hash haxe high hip-hop http ie internet internet explorer,memory leaks ip iphone ipv6 ipv6,bsd,itojun is iterm java java,javascript,coma javascript joke jpake json libpuzzle library lighttpd linux llvm lockless ludicrous mail markdown,textile,bbcode,rendering mda memory,cluster metasploit microsoft moderation,spam,crm114 money myisam mysql mysql,myisam,concurrency mysql,udf,variables native nginx nostalgy objects online openbsd openbsd 4.1 openbsd kernel tlb openbsd,buffer,cache openbsd,song openoffice openoffice,osx openssh openssl opera optimization os,counters osx pacman pake patch,mbuf,ipv6 performance photoshop,graphics php php 5.2.5 php optimization php sucks pools process,alarmer,timeout project management prototype proxy puzzle,library,similar,images raid raid,megaraid rails rails,scalability recognition reiser resolver rest rest,http,put ruby scalability security security,openbsd,ipv6 selector server shared signals sinatra sinus slots software sort spam sql subdomain temperature tokyo translation,html,gettext trends trigo tyrant ucarp udf vmware vulnerability vulnerability,php,phpinfo web webdav www xbox xbox OpenBSD xhtml xmlhttprequest xsrf yahoo yarv yougetit zfs

Misc

Projects: Pure-FTPd; La coterie
Cool links: OpenBSD; Typhon

Options:

Colors

orange
blue
green
pink
cyan
red
violet

Sections

A zero-knowledge password authentication method

posted in:

tags:

comments are closed

Comments are closed

Frank DENIS

Search

Recent

Archives

Categories

tags:

Misc

Options:

Size

Colors