[cryptography] SRP 6a + storage of password's related material strength?

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Fri Mar 13 05:25:11 EDT 2015

Hi all,

SRP is a very cool authentication protocol, not yet widely deployed, but
with very interesting properties.

I'm wondering how strong is considered the storage of the password's
related material strength?

I mean, from a passive/offline brute forcing perspective, how can be
compared scrypt vs. SRP's server-side storage of passwords?

Does anyone ever considered that kind of problem?

Because SRP protocol is cool, but i'm really wondering if the default
methods are "strong enough" against bruteforcing.

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi

More information about the cryptography mailing list