[cryptography] SRP 6a + storage of password's related material strength?

Jeffrey Walton noloader at gmail.com
Sun Mar 15 00:12:59 EDT 2015

On Fri, Mar 13, 2015 at 5:06 PM, Fabio Pietrosanti (naif) - lists
<lists at infosecurity.ch> wrote:
> On 3/13/15 3:11 PM, Solar Designer wrote:
>>> Because SRP protocol is cool, but i'm really wondering if the default
>>> methods are "strong enough" against bruteforcing.
>> They are not.
> That was my concern.
> Does anyone ever tried to make SRP  authentication protocol
> extensions/specs to work with server-side storage of hashes based on scrypt?
I believe the SRP verifiers are the equivalent to a salted, digested
password in traditional password-based systems.  (Some hand waiving -
for example, the verifiers are taken modulo n).

If Scrypt provides the same security properties as provided by SHA and
Whirlpool, then Scrypt should be a compatible replacement. It should
not matter that Scrypt provides more security properties (namely, the
memory hardness).


More information about the cryptography mailing list