[cryptography] Client-side SRP "vs." server-side KDF

Patrick Mylund Nielsen cryptography at patrickmylund.com
Wed Aug 15 20:47:52 EDT 2012

By reproducible I mean re-usable, sorry.

On Thu, Aug 16, 2012 at 2:46 AM, Patrick Mylund Nielsen <
cryptography at patrickmylund.com> wrote:

> Blizzard Entertainment has been receiving a lot of flak from tech and mass
> media lately for choosing to employ SRP in their Battle.net clients and
> games. A lot of these outlets have been suggesting that SRP is "weaker"
> than KDFs, and that Blizzard switch out SRP on the client side for a KDF on
> the server side. That seems to me a very apples-to-oranges comparison
> (indeed akin to blaming Diffie-Hellman key exchange for the fact that DES
> is easy to break,) and indeed would only replace one security issue (weak
> password digests/verifiers on the server) for another (susceptibility to
> network eaves-dropping.) As far as I know, the SRP authors never made any
> claim about the verifiers being hardened against dictionary attacks.
> It seems to me that a strong KDF on the client side, like PBKDF2 or scrypt
> (optionally with a salt managed by the server,) coupled with a
> non-reproducible proof of some sort, like SRP, would be the ideal solution,
> not one or the other. What do you think?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120816/b91590cc/attachment.html>

More information about the cryptography mailing list