No more clear text passwords

Stop the nonsense

nokey-0.1 released

nokey-0.1 is out. The no_key_server is a utility that provides secure authentication over an insecure channel using Shamir’s no-key (or three-pass) protocol over the group of units of Z/p (p being a large prime number, referred to from here on as the modulus).

The three-pass protocol has two main advantages for authentication: passwords are not sent in the clear over the communication channel, and it needs neither certificates nor the overhead of a Public Key Infrastructure (the authentication server could even fix a new modulus for each authentication attempt, though this would be very resource-intensive).

Moreover, many Web 2.0 services, such as blogs, chat services and wikis, require only secure authentication (in other words, that the login/password pair is known only to its owner), because virtually all of their content is made public.

Users of webmail servers may also be eager to trade the privacy of their mail (letting it travel over the web in the clear) for secure authentication (safe encryption of the login protocol). In fact, in most cases nowadays they are trading it for nothing.
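
The three-pass exchange described above, sketched with both sides' messages. This is an added example, not code from nokey; the modulus, the function names and the sample password are assumptions chosen for illustration.

```python
import math
import secrets

# Demo modulus (assumption): 2**255 - 19 is a well-known prime.
# The modulus nokey actually uses is not given on the page.
P = 2**255 - 19

def keypair(p=P):
    """Pick a secret exponent e coprime to p-1 and its inverse d mod p-1,
    so that (x**e)**d == x (mod p) for every unit x of Z/p."""
    while True:
        e = secrets.randbelow(p - 3) + 2          # 2 <= e <= p-2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)

def encode(password, p=P):
    """Map a password to a unit of Z/p; reject values that do not fit."""
    m = int.from_bytes(password.encode(), "big")
    if not 0 < m < p:
        raise ValueError("password must encode to a value in 1..p-1")
    return m

def decode(m):
    """Turn a recovered residue back into the password string."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def three_pass(password, p=P):
    """Run the exchange; return (password the server recovers, wire values)."""
    a, a_inv = keypair(p)                 # client's secret pair
    b, b_inv = keypair(p)                 # server's secret pair
    m = encode(password, p)
    pass1 = pow(m, a, p)                  # client -> server: m^a
    pass2 = pow(pass1, b, p)              # server -> client: m^(ab)
    pass3 = pow(pass2, a_inv, p)          # client -> server: m^b
    recovered = pow(pass3, b_inv, p)      # server removes its own lock: m
    return decode(recovered), (pass1, pass2, pass3)

if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    pw, wire = three_pass("correct horse battery")
    print("server recovered:", pw)
    for i, value in enumerate(wire, 1):
        print(f"pass {i}: {hex(value)[:18]}...")
```

Neither side authenticates the other during the three passes, so the exchange protects the password against passive eavesdropping only, not against an active man-in-the-middle.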