At 2015-03-14 09:44:02 +0200, hlinn...@iki.fi wrote:
>
> Perhaps it would be time to restart the discussion on standardizing
> SRP as a SASL mechanism in IETF.

I haven't seen much evidence that there's any interest in doing this; in
fact, I can't remember the author of the draft you pointed to being very
active in the discussions either.

> Assume that the connection is not encrypted, and Eve captures the
> SCRAM handshake between Alice and Bob. Using the captured handshake,
> she can try to guess the password, offline. With a PAKE protocol, she
> cannot do that.

OK. I agree that this is a nice property.

SCRAM made the design decision to hinder such attacks by using PBKDF2
rather than a zero-knowledge key exchange mechanism as SRP does. This
was partly due to the trend that I mentioned of wanting to require TLS
everywhere.

I'm obviously biased in this matter, but I think it's acceptable for the
potential attack to be frustrated by the use of PBKDF2 and defeated by
the use of TLS (which is already possible with Postgres); and that in
the balance, SCRAM is easier to implement securely than SRP.

Of course, if you want to use "x" as your password everywhere, then SRP
is preferable. ;-)

-- Abhijit

P.S. I don't know why the SRP code was removed from LibreSSL; nor am I
sure how seriously to take that. It's possible that it's only because
it's (still) rather obscure.
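
The property discussed in this message, as an added example that is not part of the original post: the three SCRAM messages seen on an unencrypted connection are enough to test a candidate password, and the only per-candidate cost is the PBKDF2 iteration count sent by the server. The transcript is the sample exchange from RFC 5802 section 5 (SCRAM-SHA-1, password "pencil"); the function names are hypothetical, and the password is assumed to be ASCII so SASLprep is skipped.

```python
import base64
import hashlib
import hmac

# RFC 5802 section 5 sample exchange (SCRAM-SHA-1, user "user"). These are
# the only values a passive observer of an unencrypted connection sees.
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
CLIENT_FINAL = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="


def parse_attrs(message):
    """Split 'k=v,k=v' into a dict; values may themselves contain '='."""
    return dict(field.split("=", 1) for field in message.split(","))


def client_proof(password, client_first_bare, server_first, client_final):
    """Recompute the ClientProof (RFC 5802 section 3) for a candidate password.

    Assumption: the password is ASCII, so SASLprep normalization is skipped.
    """
    server = parse_attrs(server_first)
    salt = base64.b64decode(server["s"])
    iterations = int(server["i"])
    # Hi() in the RFC is PBKDF2-HMAC-SHA1 with a 20-byte output; this call
    # is the whole work factor standing between a transcript and a guess.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("ascii"), salt,
                                 iterations, dklen=20)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    # AuthMessage covers everything on the wire except the proof itself.
    final_without_proof = client_final.rsplit(",p=", 1)[0]
    auth_message = ",".join([client_first_bare, server_first, final_without_proof])
    signature = hmac.new(stored_key, auth_message.encode("ascii"),
                         hashlib.sha1).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    return base64.b64encode(proof).decode("ascii")


def candidate_matches(password, client_first_bare, server_first, client_final):
    """True if the candidate reproduces the proof seen on the wire."""
    seen = parse_attrs(client_final)["p"]
    computed = client_proof(password, client_first_bare, server_first, client_final)
    return hmac.compare_digest(computed, seen)
```

Nothing in the check needs the server or any secret state, which is why the iteration count only raises the cost per candidate while TLS removes the transcript from the observer's view altogether.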