Re: SRP implementation - choices for N and g
Michael Tschannen wrote:

> Hi list
>
> Has anybody already gained experience concerning the technical implementation of SRP (http://srp.stanford.edu)? There is one point I couldn't find in any documentation: Should the modulus and the generator (N and g) be unique for each client or can they be chosen application-wide? What are the (security-related) implications in each case?

There is no readily apparent reason why N and g should not be application wide. Of course, some clever persons might discover some unobvious flaw.

Rather than using SRP, you might use J-PAKE. J-PAKE has a proof that there is nothing wrong with J-PAKE unless there is something wrong with all similar protocols, so you can go right ahead and do what all the other protocols do - which is one value of N and g for all.

> Thanks, Michael

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
SRP implementation - choices for N and g
Hi list

Has anybody already gained experience concerning the technical implementation of SRP (http://srp.stanford.edu)? There is one point I couldn't find in any documentation: Should the modulus and the generator (N and g) be unique for each client or can they be chosen application-wide? What are the (security-related) implications in each case?

Thanks, Michael
Re: SRP implementation - choices for N and g
Michael Tschannen wrote:

> Has anybody already gained experience concerning the technical implementation of SRP (http://srp.stanford.edu)? There is one point I couldn't find in any documentation: Should the modulus and the generator (N and g) be unique for each client or can they be chosen application-wide? What are the (security-related) implications in each case?

They can safely be chosen application-wide, so long as they are secure choices as per the Group parameter agreement section of the SRP spec.

-- 
  __
\/ o\ Paul Crowley, [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/