Am 22.08.2008 um 22:35 schrieb Dirk Meyer:
Advantages SRP: users can select a password they can remember users could use the same link to exchange the password if they talk in a riddle an attacker may not know (name of the person I talked to you about yesterday that wants to buy a new TV)
Woudln't that mean an attacker could chose the question and chose one to which he knows the answer because it's not so secret? If an attacker does that with both ends, he has won, because he selected the question. Correct me if I'm wrong. I'm more for SAS anyway :). Most users will chose to easy questions.
-- Jonathan
PGP.sig
Description: This is a digitally signed message part
