[cryptography] SRP 6a + storage of password's related material strength?

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Fri Mar 13 05:25:11 EDT 2015


Hi all,

SRP is a very cool authentication protocol, not yet widely deployed, but
with very interesting properties.

I'm wondering how strong the storage of the password-related material
is considered to be?

I mean, from a passive/offline brute-forcing perspective, how can
scrypt be compared with SRP's server-side storage of passwords?

Has anyone ever considered that kind of problem?

Because the SRP protocol is cool, but I'm really wondering if the default
methods are "strong enough" against brute-forcing.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi


