[2151] in cryptography@c2.net mail archive
Re: More on SRP
daemon@ATHENA.MIT.EDU (EKR)
Sun Feb 22 22:09:11 1998
To: "Marcus Leech" <Marcus.Leech.mleech@nt.com>
From: EKR <ekr@terisa.com>
Cc: cryptography@c2.net
Date: 22 Feb 1998 09:37:25 -0800
In-Reply-To: "Marcus Leech"'s message of Fri, 20 Feb 1998 23:15:15 +0100
"Marcus Leech" <Marcus.Leech.mleech@nt.com> writes:
> One could argue "oh, but SRP does key exchange AND authentication all in
> one protocol". There exist protocols that do this already, using
> well-analysed techniques, and likely with fewer exchanges.
As I understand it the point of SRP is to provide an authenticated
key exchange where the method of authentication is a simple password,
but which isn't susceptible to dictionary attacks, even in the
face of an active attack.
Now, I haven't really analyzed it so I can't say if it accomplishes
this goal or not. Nor, for that amtter, am I convinced that this is
a worthwhile engineering goal to shoot for, but I think that is
the position that SRP is supposed to occupy.
-Ekr
--
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."
