[cryptography] SRP 6a + storage of password's related material strength?

Solar Designer solar at openwall.com
Fri Mar 13 10:11:35 EDT 2015

On Fri, Mar 13, 2015 at 10:25:11AM +0100, Fabio Pietrosanti (naif) - lists wrote:
> SRP is a very cool authentication protocol, not yet widely deployed, but
> with very interesting properties.
> I'm wondering how strong the storage of the password-related material
> is considered to be.
> I mean, from a passive/offline brute-forcing perspective, how does
> scrypt compare with SRP's server-side storage of passwords?

scrypt focuses on addressing this very problem.  SRP does not.

> Has anyone ever considered that kind of problem?



> Because the SRP protocol is cool, but I'm really wondering if the default
> methods are "strong enough" against brute forcing.

They are not.
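
An added example, not part of the original message: what an SRP server stores, with x derived the RFC 5054 way (two SHA-1 calls) next to a hypothetical variant that derives x with scrypt. The modulus is a stand-in prime chosen for the demo, and the function names and scrypt parameters are assumptions.

```python
import hashlib
import os

# Stand-in group for the demo only (assumption): 2**255 - 19 is prime, but it
# is not an SRP group. Real deployments use the groups listed in RFC 5054.
N = 2**255 - 19
g = 2

def x_default(salt, user, password):
    """x = SHA1(salt | SHA1(user ":" password)), as in RFC 5054 (fast hash)."""
    inner = hashlib.sha1(user + b":" + password).digest()
    return int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")

def x_scrypt(salt, user, password):
    """Hypothetical hardened variant: derive x with scrypt instead of SHA-1."""
    dk = hashlib.scrypt(user + b":" + password, salt=salt,
                        n=2**14, r=8, p=1, dklen=32)
    return int.from_bytes(dk, "big")

def make_record(user, password, derive_x, salt=None):
    """What the server stores: (salt, v) with verifier v = g^x mod N."""
    salt = salt or os.urandom(16)
    return salt, pow(g, derive_x(salt, user, password), N)

def record_matches(record, user, candidate, derive_x):
    """The stored record alone is enough to test a candidate password, with
    no server involved. The cost per test is one derive_x call plus one
    modular exponentiation, so derive_x sets the price of each guess."""
    salt, v = record
    return pow(g, derive_x(salt, user, candidate), N) == v

if __name__ == "__main__":
    # Constructed sample account.
    for derive_x in (x_default, x_scrypt):
        rec = make_record(b"alice", b"correct horse", derive_x)
        print(derive_x.__name__,
              record_matches(rec, b"alice", b"correct horse", derive_x),
              record_matches(rec, b"alice", b"wrong guess", derive_x))
```

Because x is computed on the client in SRP, the scrypt cost in the second variant is paid by the client at every login, not by the server.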

