[cryptography] SRP 6a + storage of password's related material strength?

Solar Designer solar at openwall.com
Fri Mar 13 10:11:35 EDT 2015


On Fri, Mar 13, 2015 at 10:25:11AM +0100, Fabio Pietrosanti (naif) - lists wrote:
> SRP is a very cool authentication protocol, not yet widely deployed, but
> with very interesting properties.
> 
> I'm wondering how strong the storage of the password's related
> material is considered to be?
> 
> I mean, from a passive/offline brute-forcing perspective, how does
> scrypt compare with SRP's server-side storage of passwords?

scrypt focuses on addressing this very problem.  SRP does not.

> Has anyone ever considered that kind of problem?

Yes:

https://twitter.com/JokFP/status/234074891408793600
http://opine.me/blizzards-battle-net-hack/
http://opine.me/srp-to-sha1/

> Because the SRP protocol is cool, but I'm really wondering if the default
> methods are "strong enough" against brute-forcing.

They are not.

Alexander
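To make the point of the exchange concrete, here is an added example that is not part of this thread or of any SRP library. It runs one SRP-6a key agreement (RFC 5054 style, with the 1024-bit group transcribed from RFC 5054 Appendix A; check it against the RFC before relying on it, and with SHA-256 in place of the RFC's SHA-1) twice: once with the RFC 5054 derivation of the private exponent x from one cheap hash, and once with an assumed, non-standard variant in which x comes out of scrypt instead. The server side of the protocol is identical in both runs, because the server only ever sees the verifier v = g^x mod N. The last function shows what anyone holding a leaked (salt, v) pair can test offline: one x derivation plus one modular exponentiation per candidate, so the cost of that derivation is the only thing standing between a verifier leak and a fast dictionary attack. The username, password and salt are constructed sample values.

```python
import hashlib
import os

# 1024-bit SRP group, transcribed from RFC 5054 Appendix A (verify against the RFC).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
N_LEN = (N.bit_length() + 7) // 8  # byte length used for PAD()


def H(*parts: bytes) -> int:
    """Protocol hash (SHA-256 here; RFC 5054 pairs SRP with SHA-1)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(n: int) -> bytes:
    return n.to_bytes(N_LEN, "big")


def x_rfc5054(username: bytes, password: bytes, salt: bytes) -> int:
    """x = H(s | H(I ':' P)): two hash calls, i.e. as cheap as the hash itself."""
    inner = hashlib.sha256(username + b":" + password).digest()
    return int.from_bytes(hashlib.sha256(salt + inner).digest(), "big")


def x_scrypt(username: bytes, password: bytes, salt: bytes,
             n: int = 2 ** 14, r: int = 8, p: int = 1) -> int:
    """Assumed hardened variant (not RFC 5054): same shape, but x comes out of
    a memory-hard KDF, so each offline guess costs a full scrypt evaluation."""
    inner = hashlib.sha256(username + b":" + password).digest()
    dk = hashlib.scrypt(inner, salt=salt, n=n, r=r, p=p, dklen=32)
    return int.from_bytes(dk, "big")


def verifier(x: int) -> int:
    """What the server stores at registration: v = g^x mod N."""
    return pow(g, x, N)


def srp_session(username: bytes, password: bytes, salt: bytes, v: int, derive_x):
    """One SRP-6a key agreement. Returns (client_S, server_S); they agree only
    if the client's password yields the x behind the stored verifier v."""
    k = H(pad(N), pad(g))                       # SRP-6a multiplier
    a = int.from_bytes(os.urandom(32), "big")   # client ephemeral secret
    b = int.from_bytes(os.urandom(32), "big")   # server ephemeral secret
    A = pow(g, a, N)                            # client -> server
    B = (k * v + pow(g, b, N)) % N              # server -> client
    u = H(pad(A), pad(B))                       # random scrambling parameter
    x = derive_x(username, password, salt)      # client side only
    client_S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    server_S = pow(A * pow(v, u, N), b, N)      # server never needs x or P
    return client_S, server_S


def matches_verifier(username: bytes, candidate: bytes, salt: bytes, v: int, derive_x) -> bool:
    """The offline check a leaked (salt, v) enables: one derive_x plus one modexp
    per candidate. With x_rfc5054 that is hash speed; with x_scrypt it is scrypt speed."""
    return verifier(derive_x(username, candidate, salt)) == v


if __name__ == "__main__":
    I, P, s = b"alice", b"correct horse battery staple", b"constructed-salt"  # constructed
    for derive in (x_rfc5054, x_scrypt):
        v = verifier(derive(I, P, s))
        c, srv = srp_session(I, P, s, v, derive)
        print(derive.__name__, "session keys agree:", c == srv)
```

Because x is computed purely on the client, switching its derivation changes nothing in the protocol messages or in the server code, only the cost of each offline guess against a leaked verifier; the server-side storage format (salt, v) is the same in both cases.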

