CryptKit 0.9: cryptsock
Bryan
bryan at eevolved.com
Mon Dec 3 09:40:52 EST 2001
More information about the Python-list mailing list
Mon Dec 3 09:40:52 EST 2001
- Previous message (by thread): CryptKit 0.9: cryptsock
- Next message (by thread): CryptKit 0.9: cryptsock
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sunday 02 December 2001 09:26 pm, Paul Crowley wrote: > AMP carries a "proof of security", but I can't follow it, and I spoke > to an expert in this field who says he's not convinced by it either. > Furthermore, AMP has a similar problem to SRP, that a sufficiently > devious fake server can check two passwords with every query. That > the proof doesn't rule this out indicates some problems with it. > > It's straightforward to propose a variant on AMP that doesn't have > this problem, and that variant may be secure, but I'd like to have a > better way to construct the proof of security for that. > > As far as I can tell from the ResearchIndex URL, that paper hasn't > been published yet as such. I think the protocol has great merit and > I hope it does get published, though I don't see the advantages of the > "amplification scheme" over simply encrypting the password file with a > symmetric cipher. > > If I was going to implement something now, I'd certainly use SRP. Thanks for the input. What are your thoughts about EC-PAK? http://citeseer.nj.nec.com/mackenzie01more.html -- <==================================> Bryan Mongeau eEvolved Real-Time Technologies Inc. Website: http://www.eevolved.com Public key: http://pgp.mit.edu <==================================> "Eventually software systems will be able to create bold new designs without human help. Will most people call such systems intelligent? It doesn't really matter." -- K. Eric Drexler
- Previous message (by thread): CryptKit 0.9: cryptsock
- Next message (by thread): CryptKit 0.9: cryptsock
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list