Michael Tschannen wrote:
Has anybody already gained experience concerning the technical implementation of SRP (http://srp.stanford.edu)? There is one point I couldn't find in any documentation: Should the modulus and the generator (N and g) be unique for each client or can they be chosen application-wide? What are the (security-related) implications in each case?
They can safely be chosen application-wide, so long as they are secure choices as per the "Group parameter agreement" section of the SRP spec. --
__ \/ o\ Paul Crowley, [EMAIL PROTECTED] /\__/ http://www.ciphergoth.org/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]