Implement DH-AES encrypted password scheme.

This is superior to DH-BLOWFISH as Blowfish may suffer from certain
classes of weak keys, which is difficult to mitigate against without
regenerating DH parameters repeatedly. AES also has faced far more
scrutiny and is believed to be more secure.

Reference implementation (services-side):
https://github.com/atheme/atheme/blob/master/modules/saslserv/dh-aes.c
This commit is contained in:
Elizabeth Myers
2013-04-16 05:39:10 -05:00
parent f2e8738ffc
commit f578bf9424
2 changed files with 205 additions and 102 deletions
+1
View File
@@ -185,6 +185,7 @@ protected:
#ifdef HAVE_LIBSSL
#include <openssl/aes.h>
#include <openssl/blowfish.h>
#include <openssl/md5.h>
//! does Blowfish w/64 bit feedback, no padding