分享
 
 
 

RFC2944 - Telnet Authentication: SRP

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group T. Wu

Request for Comments: 2944 Standford University

Category: Standards Track September 2000

Telnet Authentication: SRP

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document specifies an authentication scheme for the Telnet

protocol under the framework described in [RFC2941], using the Secure

Remote PassWord Protocol (SRP) authentication mechanism. The

specific mechanism, SRP-SHA1, is described in [RFC2945].

1. Command Names and Codes

Authentication Types

SRP 5

Suboption Commands

AUTH 0

REJECT 1

ACCEPT 2

CHALLENGE 3

RESPONSE 4

EXP 8

PARAMS 9

2. Command Meanings

IAC SB AUTHENTICATION IS <authentication-type-pair> AUTH IAC SE

This command indicates that the client has supplied the

username and is ready to receive that user's field parameters.

There is no authentication information to be sent to the remote

side of the connection yet. This should only be sent after the

IAC SB AUTHENTICATION NAME command has been issued. If the

modifier byte (second byte of the authentication-type-pair)

has any bits other than AUTH_WHO_MASK or AUTH_HOW_MASK set,

both bytes are included in the session key hash described later.

This ensures that the authentication type pair was correctly

negotiated, while maintaining backward-compatibility with existing

software.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> PARAMS <values

of modulus, generator, and salt> IAC SE

This command is used to pass the three parameter values used

in the exponentiation to the client. These values are often

called n, g, and s.

IAC SB AUTHENTICATION IS <authentication-type-pair> EXP <client's

exponential residue> IAC SE

This command is used to pass the client's exponential residue,

otherwise known as A, computed against the parameters exchanged

earlier.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> CHALLENGE

<server's exponential residue> IAC SE

This command is used to pass the server's exponential residue,

computed against the same parameters. This quantity is actually

the sum of two residues, i.e. g^x + g^b. For details see [SRP]

and [RFC2945].

IAC SB AUTHENTICATION IS <authentication-type-pair> RESPONSE

<response from client> IAC SE

This command gives the server proof of the client's authenticity

with a 160-bit (20 byte) response.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> ACCEPT

<server's response> IAC SE

This command indicates that the authentication was sUCcessful.

The server will construct its own proof of authenticity and

include it as sub-option data.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> REJECT

<optional reason for rejection> IAC SE

This command indicates that the authentication was not successful,

and if there is any more data in the sub-option, it is an ASCII

text message of the reason for the rejection.

For the PARAMS command, since three pieces of data are being

transmitted, each parameter is preceded by a 16-bit (two byte) length

specifier in network byte order. The EXP commands do not have a

count in front of the data because there is only one piece of data in

that suboption. The CHALLENGE, RESPONSE, and ACCEPT data also do not

have a count because they are all fixed in size.

3. Implementation Rules

Currently, only AUTH_CLIENT_TO_SERVER mode is supported. Although

the SRP protocol effectively performs implicit mutual authentication

as a result of the two-way proofs, only the AUTH_HOW_ONE_WAY

authentication mode is currently defined. The AUTH_HOW_MUTUAL

setting is being reserved for an explicit mutual-authentication

variant of the SRP protocol to be defined in future specifications.

All large number data sent in the arguments of the PARAMS and EXP

commands must be in network byte order, i.e. most significant byte

first. No padding is used.

The SRP-SHA1 mechanism, as described in [RFC2945] generates a 40-byte

session key, which allows implementations to use different keys for

incoming and outgoing traffic, increasing the security of the

encrypted session. It is recommended that the Telnet ENCRYPT method,

if it is used, be able to take advantage of the longer session keys.

4. Examples

User "tjw" may wish to log in on machine "foo". The client would

send IAC SB AUTHENTICATION NAME "tjw" IAC SE IAC SB AUTHENTICATION IS

SRP AUTH IAC SE. The server would look up the field and salt

parameters for "tjw" from its password file and send them back to the

client. Client and server would then exchange exponential residues

and calculate their session keys (after the client prompted "tjw" for

his password). Then, the client would send the server its proof that

it knows the session key. The server would either send back an

ACCEPT or a REJECT. If the server accepts authentication, it also

sends its own proof that it knows the session key to the client.

Client Server

IAC DO AUTHENTICATION

IAC WILL AUTHENTICATION

[ The server is now free to request authentication information.

]

IAC SB AUTHENTICATION SEND

SRP CLIENTONE_WAY

ENCRYPT_USING_TELOPT

SRP CLIENTONE_WAY

IAC SE

[ The server has requested SRP authentication. It has indicated

a preference for ENCRYPT_USING_TELOPT, which requires the

Telnet ENCRYPT option to be negotiated once authentication

succeeds. If the client does not support this, the server

is willing to fall back to an encryption-optional mode.

The client will now respond with the name of the

user that it wants to log in as. ]

IAC SB AUTHENTICATION NAME

"tjw" IAC SE

IAC SB AUTHENTICATION IS

SRP CLIENTONE_WAYENCRYPT_USING_TELOPT AUTH

IAC SE

[ The server looks up the appropriate information for "tjw" and

sends back the parameters in a PARAMS command. The parameters

consist of the values N, g, and s, each preceded with a two-

byte size parameter. ]

IAC SB AUTHENTICATION REPLY

SRP CLIENTONE_WAY

ENCRYPT_USING_TELOPT PARAMS

ss ss nn nn nn nn ...

ss ss gg gg gg gg ...

ss ss tt tt tt tt ...

IAC SE

[ Both sides send their exponential residues. The client

sends its value A and the server sends its value B. In SRP,

the CHALLENGE message may be computed but not sent before

the EXP command. ]

IAC SB AUTHENTICATION IS

SRP CLIENTONE_WAYENCRYPT_USING_TELOPT EXP

aa aa aa aa aa aa aa aa ...

IAC SE

IAC SB AUTHENTICATION REPLY

SRP CLIENTONE_WAY

ENCRYPT_USING_TELOPT CHALLENGE

bb bb bb bb bb bb bb bb ...

IAC SE

[ The client sends its response to the server. This is the

message M in the SRP protocol, which proves possession of

the session key by the client.

Since ENCRYPT_USING_TELOPT is specified, the two octets

of the authentication-type-pair are appended to the

session key K before the hash for M is computed. If

the client and server had agreed upon a mode without

the encryption flag set, nothing would be appended to K.

Both this message and the server's response are as long as

the output of the hash; the length is 20 bytes for SHA-1. ]

IAC SB AUTHENTICATION IS

SRP CLIENTONE_WAYENCRYPT_USING_TELOPT RESPONSE

xx xx xx xx xx xx xx xx ...

IAC SE

[ The server accepts the response and sends its own proof. ]

IAC SB AUTHENTICATION REPLY

SRP CLIENTONE_WAY

ENCRYPT_USING_TELOPT ACCEPT

yy yy yy yy yy yy yy yy ...

IAC SE

5. Security Considerations

The ability to negotiate a common authentication mechanism between

client and server is a feature of the authentication option that

should be used with caution. When the negotiation is performed, no

authentication has yet occurred. Therefore, each system has no way

of knowing whether or not it is talking to the system it intends. An

intruder could attempt to negotiate the use of an authentication

system which is either weak, or already compromised by the intruder.

Since SRP relies on the security of the underlying public-key

cryptosystem, the modulus "n" should be large enough to resist

brute-force attack. A length of at least 1024 bits is recommended,

and implementations should reject attempts to use moduli that are

shorter than 512 bits, or attempts to use invalid moduli and

generator parameters (non-safe-prime "n" or non-primitive "g").

6. IANA Considerations

The authentication type SRP and its associated suboption values are

registered with IANA. Any suboption values used to extend the

protocol as described in this document must be registered with IANA

before use. IANA is instructed not to issue new suboption values

without submission of documentation of their use.

7. References

[RFC2941] Ts'o, T. and J. Altman, "Telnet Authentication Option",

RFC2941, September 2000.

[SRP] T. Wu, "The Secure Remote Password Protocol", In

Proceedings of the 1998 ISOC Network and Distributed

System Security Symposium, San Diego, CA, pp. 97-111.

[RFC2945] Wu, T., "The SRP Authentication and Key Exchange System",

RFC2945, September 2000.

8. Author's Address

Thomas Wu

Stanford University

Stanford, CA 94305

EMail: tjw@cs.Stanford.EDU

9. Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to

others, and derivative works that comment on or otherwise explain it

or assist in its implementation may be prepared, copied, published

and distributed, in whole or in part, without restriction of any

kind, provided that the above copyright notice and this paragraph are

included on all such copies and derivative works. However, this

document itself may not be modified in any way, such as by removing

the copyright notice or references to the Internet Society or other

Internet organizations, except as needed for the purpose of

developing Internet standards in which case the procedures for

copyrights defined in the Internet Standards process must be

followed, or as required to translate it into languages other than

English.

The limited permissions granted above are perpetual and will not be

revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an

"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING

TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING

BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION

HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFCEditor function is currently provided by the

Internet Society.

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有