[2157] in cryptography@c2.net mail archive
Re: More on SRP
daemon@ATHENA.MIT.EDU (Mike Rosing)
Mon Feb 23 12:07:27 1998
Date: Mon, 23 Feb 1998 09:40:42 -0600 (CST)
From: Mike Rosing <cryptech@Mcs.Net>
To: Marc Horowitz <marc@cygnus.com>
cc: Marcus Leech <Marcus.Leech.mleech@nt.com>, EKR <ekr@terisa.com>,
cryptography@c2.net
In-Reply-To: <t53zpjisx5d.fsf@rover.cygnus.com>

On 23 Feb 1998, Marc Horowitz wrote:
> "Marcus Leech" <Marcus.Leech.mleech@nt.com> writes:
>
> >> My position is this: if you're going to design a protocol that has
> >> all the drawbacks of public-key cryptography (ie: speed, complexity, etc),
> >> then you might as well "do" public-key cryptography.
>
> SRP does not have one of the significant drawbacks of PKC: you don't
> need to store and distribute (possibly encrypted) private keys. I see

If you use elliptic curve PKC you don't need to store private keys. I
originally tried to find a way to make SRP work with elliptic curve crypto
and found that a dictionary attack was always possible. It is clear a
dictionary attack is possible with any math.

If you use ECC straight up you get authentication and secret sharing. A
dictionary attack is possible, but if you use a pass phrase instead of a
pass word it is far more difficult. The problem is that the user end has
to have computational ability, either a smart card or portable computer
which can convert the pass phrase into the private key and the ability
to use it with PKC. The cost of a keypad and 8 bit microcontroller is
small enough that this shouldn't be a deterrent for places where real
security is required.

I agree with Marcus, SRP doesn't solve the login problem any better than
PKC can, assuming you use ECC. Training people to login with pass phrases
instead of pass words is going to take a long time, but where it is really
necessary it will happen first. The login process has to change, and that
will require a different model than is presently assumed mainframe -- dumb
terminal connections. The whole concept of "login" is ancient, it's time
to change it from a 1960's concept to a 2000's concept, mobile computers
talking to and thru lots of other computers (which may or may not be
moving relative to the login). Embedding PKC into the login process will
go a long way to really solving the problem of authenticated and secure
login.

Patience, persistence, truth,
Dr. mike
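
The pass-phrase-to-private-key login described in the message above, as an added example that is not part of the original post or its author's code. It assumes secp256k1, PBKDF2-HMAC-SHA256 as the stretching function and an ECDH-style challenge/response; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# secp256k1 domain parameters (public constants; the curve choice is an assumption).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def private_key(passphrase, salt):  # stretch the phrase into a scalar in [1, N-1]
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=40)
    return int.from_bytes(raw, "big") % (N - 1) + 1

def enroll(passphrase, salt):  # the server stores only this public point and the salt
    return mul(private_key(passphrase, salt), G)

def challenge():  # server keeps r secret and sends R = rG
    r = secrets.randbelow(N - 1) + 1
    return r, mul(r, G)

def respond(passphrase, salt, R):  # client side: re-derive the key, never store it
    if (R[1] ** 2 - R[0] ** 3 - 7) % P:
        raise ValueError("challenge point is not on the curve")
    shared = mul(private_key(passphrase, salt), R)[0].to_bytes(32, "big")
    return shared, hmac.new(shared, b"login", hashlib.sha256).digest()

def verify(r, Q, tag):  # server side: returns the shared secret, or None on failure
    shared = mul(r, Q)[0].to_bytes(32, "big")
    good = hmac.new(shared, b"login", hashlib.sha256).digest()
    return shared if hmac.compare_digest(tag, good) else None
```

Because `enroll` is deterministic, anyone holding the stored point and salt can test pass phrase guesses offline, which is the dictionary attack the message refers to; the stretching cost and the length of the pass phrase are what slow it down.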