[jboss-jira] [JBoss JIRA] (ELY-183) Protocols for password changing
Carlton Zachary (JIRA)
issues at jboss.org
Mon Aug 17 10:30:49 EDT 2015
[ https://issues.jboss.org/browse/ELY-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13098949#comment-13098949 ]
Carlton Zachary commented on ELY-183:
-------------------------------------
Hi Darran,
There is the protocol SRP. Not sure if it would work in this situation, but worth looking into.
Regards.
> Protocols for password changing
> -------------------------------
>
> Key: ELY-183
> URL: https://issues.jboss.org/browse/ELY-183
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI
> Reporter: Darran Lofthouse
> Fix For: 1.0.0.Final
>
>
> Potentially this is a bit of a research task, as I have mentioned in a couple of places I don't like relying on SSL exclusively for confidentiality - my reasons being it is perfect until their is a compromise and then it is as useful as a chocolate tea pot ;-)
> A lot of the emphasis in the Elytron development so far has been implementation of the more secure SASL mechanisms to eliminate weak password exchanges between a client and the server - however we still have the need for password to be set remotely, this task is to explore some of those options.
> Are there any existing protocols to remotely set a password securely?
> Is there anything specific to our current password types we can take advantage of?
> Are there features of any of our SASL mechanisms to apply a second layer of confidentiality?
> Any other options?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list