[cryptography] phishing/password end-game (Re: Why anon-DH ...)

Ben Laurie ben at links.org
Sat Jan 19 14:01:27 EST 2013


On 19 January 2013 07:45, James A. Donald <jamesd at echeque.com> wrote:
> On 2013-01-19 2:14 AM, ianG wrote:
>>
>> Also, the confounded users tend to lose their phones or have them stolen.
>> And then they demand their 'identities' back, as if nothing has happened.
>> So the keys need to be agile, in some sense.  Which pushes us away from the
>> phone, to cloud, or a variant, and then we're back to the same old remote
>> password problem.
>
>
> Keys typically and commonly in the cloud, access them by SRP.

Time to mention Nigori again, which is essentially this, minus the FUD
around SRP.


