[cryptography] SRP 6a + storage of password's related material strength?
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Fri Mar 13 17:06:33 EDT 2015
On 3/13/15 3:11 PM, Solar Designer wrote:
>> Because SRP protocol is cool, but I'm really wondering if the default
>> methods are "strong enough" against bruteforcing.
> They are not.
That was my concern.
Has anyone ever tried to make SRP authentication protocol
extensions/specs to work with server-side storage of hashes based on scrypt?
From my humble understanding of crypto, it would be like "leveraging the
best properties" of SRP authentication protocol and scrypt password hashing.
But yet, my poor-math brain has difficulties understanding if that's
feasible or it's just a stupid consideration.
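
An added example, not part of the original message or of any SRP specification: SRP-6a with the private value x derived through scrypt instead of a single fast hash, so the server still stores only (salt, v) and each offline guess against a stolen verifier costs one scrypt evaluation. The group is the 1024-bit one from RFC 5054 Appendix A; SHA-256 for k, u and the session key, the scrypt parameters, and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# 1024-bit group from RFC 5054 Appendix A, generator g = 2
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC10F5ACB", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def pad(n):
    """Big-endian encoding of n, left-padded to the length of N."""
    return n.to_bytes(NLEN, "big")

def H(*parts):
    """SHA-256 over the concatenated byte strings, returned as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def derive_x(user, password, salt):
    # Assumption: scrypt replaces the fast hash normally used to compute x.
    dk = hashlib.scrypt(f"{user}:{password}".encode(), salt=salt,
                        n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)
    return int.from_bytes(dk, "big")

def register(user, password):
    """Client-side enrolment: the server receives and stores only (salt, v)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(user, password, salt), N)

def login(user, password, salt, v):
    """Run both sides of one SRP-6a exchange; return (client_key, server_key)."""
    k = H(pad(N), pad(g))
    a = secrets.randbits(256)
    A = pow(g, a, N)                      # client -> server: user, A
    b = secrets.randbits(256)
    B = (k * v + pow(g, b, N)) % N        # server -> client: salt, B
    if A % N == 0 or B % N == 0:
        raise ValueError("invalid public value")
    u = H(pad(A), pad(B))
    x = derive_x(user, password, salt)    # the only slow step, client side
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)   # server never runs scrypt
    return (hashlib.sha256(pad(S_client)).digest(),
            hashlib.sha256(pad(S_server)).digest())
```

The scrypt cost falls on the client at login and on anyone guessing passwords against a leaked verifier; the server's per-login work is unchanged from plain SRP-6a.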