[Moderator's reminders:
1) 80 column text is easier for many of us to read.
2) Top posting considered harmful.
3) Trim quoted text, and please use ">" quoting if possible.
--Perry]
Michael,
I'd recommend taking a look a RFC 5054 (http://www.ietf.org/rfc/rfc5054.txt).
Nearly all applications of SRP use application-wide choices for N and g,
usually the ones standardized by IETF. The main advantage of such
standardization is that clients do not have to verify safety of N and g on each
transaction, which can be time-consuming.
Tom
--- On Tue, 8/26/08, Michael Tschannen <[EMAIL PROTECTED]> wrote:
> From: Michael Tschannen <[EMAIL PROTECTED]>
> Subject: SRP implementation - choices for N and g
> To: [email protected]
> Date: Tuesday, August 26, 2008, 2:06 AM
> Hi list
>
> Has anybody already gained experience concerning the
> technical
> implementation of SRP (http://srp.stanford.edu)? There is
> one point I
> couldn't find in any documentation: Should the modulus
> and the generator
> (N and g) be unique for each client or can they be chosen
> application-wide? What are the (security-related)
> implications in each
> case?
>
> Thanks,
>
> Michael
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography"
> to [EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
