[cryptography] Secure Remote Password (SRP) and Plaintext Email Address
James A. Donald
jamesd at echeque.com
Fri Oct 19 02:45:04 EDT 2012
On 2012-10-19 11:47 AM, Nico Williams wrote:
> Lack of client ID privacy protection can lead to some attacks such as
> password guesses based on the ID or knowledge of the person that ID is
> for. If you were working for a spy agency (say), you'd definitely
> want priv. prot. for the client ID!
If the attacker knows the email address, he can identify the user - who is
very likely using the same password for his porn account, etc. Attacker
intercepts porn account using firesheep, and ... he is in.