Jonathan Schleifer wrote:
> Am 22.08.2008 um 22:00 schrieb Pedro Melo:
>
>> SAS, I meant SAS.
>
> Just to be sure: What's the exact difference between SRP and SAS? I
> only had a short look at SRP and it seemed pretty similar.
I only had a short look at SAS but if I understand it correctly is SAS
a key that is generated during the procedure by the system while SRP
uses a password that is chosen by the users before the communication.
Advantages SAS:
prevents users from using stupid simple passwords
allows it to verify a connection after the session setup
Advantages SRP:
users can select a password they can remember
users could use the same link to exchange the password if they talk
in a riddle an attacker may not know (name of the person I talked
to you about yesterday that wants to buy a new TV)
Correct me if I'm wrong :)
Dirk
--
If you're not part of the solution, be part of the problem!
