[2141] in cryptography@c2.net mail archive
SRP
daemon@ATHENA.MIT.EDU (Marcus Leech)
Thu Feb 19 22:21:23 1998
Date: Thu, 19 Feb 1998 17:28:48 -0500
From: "Marcus Leech" <Marcus.Leech.mleech@nt.com>
To: cryptography@c2.net
I just got around to reading the SRP stuff at
http://srp.stanford.edu/srp/srp.ps
Is it just me, or is it possible for Carol to be duped into transacting
with
a Steve impersonator, since the salt is exchanged in public? Notice
that step
8 (as far as I can tell) verifies only that the party at the other is
the
party at the other end, and not the party that I originally exchange
my
v, s values with.
The protocol seems REALLY HAIRY, and I think that Mr. Wu's claims about
its
security may be rather premature.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M86, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613
763 9145
Messaging and Security Infrastructure Fax: (ESN) 395-1407 +1 613
765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------
