On Fri, Mar 13, 2015 at 5:06 PM, Fabio Pietrosanti (naif) - lists <li...@infosecurity.ch> wrote: > On 3/13/15 3:11 PM, Solar Designer wrote: >>> Because SRP protocol is cool, but i'm really wondering if the default >>> methods are "strong enough" against bruteforcing. >> They are not. > That was my concern. > > Does anyone ever tried to make SRP authentication protocol > extensions/specs to work with server-side storage of hashes based on scrypt? > I believe the SRP verifiers are the equivalent to a salted, digested password in traditional password-based systems. (Some hand waiving - for example, the verifiers are taken modulo n).
If Scrypt provides the same security properties as provided by SHA and Whirlpool, then Scrypt should be a compatible replacement. It should not matter that Scrypt provides more security properties (namely, the memory hardness). Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography