[cryptography] phishing/password end-game (Re: Why anon-DH ...)

Jeffrey Walton noloader at gmail.com
Sat Jan 19 14:24:29 EST 2013


On Sat, Jan 19, 2013 at 2:01 PM, Ben Laurie <ben at links.org> wrote:
> On 19 January 2013 07:45, James A. Donald <jamesd at echeque.com> wrote:
>> On 2013-01-19 2:14 AM, ianG wrote:
>>>
>>> Also, the confounded users tend to lose their phones or have them stolen.
>>> And then they demand their 'identities' back, as if nothing has happened.
>>> So the keys need to be agile, in some sense.  Which pushes us away from the
>>> phone, to cloud, or a variant, and then we're back to the same old remote
>>> password problem.
>>
>>
>> Keys typically and commonly in the cloud, access them by SRP.
>
> Time to mention Nigori again, which is essentially this, minus the FUD
> around SRP.
It kind of seems like apples and oranges to me (forgive my ignorance).
SRP uses the pre-existing relationship between the organization and
the user to key a secure channel with the shared secret. Nigori looks
like it has different goals and accomplishes different things (shared,
secure, cloud storage).

The only FUD of SRP should be centered around short passwords since
SRP itself is based on Diffie-Hellman. I'm only aware of one attack
(the 2-for-1 guessing).

Jeff


