[cryptography] PBKDF2 + current GPU or ASIC farms = game over for passwords (Re: TLS2)

Wasa wasabee18 at gmail.com
Tue Oct 1 06:04:32 EDT 2013


On 30/09/13 22:11, Jeffrey Goldberg wrote:
> With SRP requires a shared secret key, so the attacker doesn’t even need to “crack a hash” after getting hold of a server’s password database
i don't think that's true. 
https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
The host pwd is of the form g^x where x=H(p,s)
same goes for JPAKE.



More information about the cryptography mailing list