On Sat, Jan 19, 2013 at 2:01 PM, Ben Laurie <b...@links.org> wrote: > On 19 January 2013 07:45, James A. Donald <jam...@echeque.com> wrote: >> On 2013-01-19 2:14 AM, ianG wrote: >>> >>> Also, the confounded users tend to lose their phones or have them stolen. >>> And then they demand their 'identities' back, as if nothing has happened. >>> So the keys need to be agile, in some sense. Which pushes us away from the >>> phone, to cloud, or a variant, and then we're back to the same old remote >>> password problem. >> >> >> Keys typically and commonly in the cloud, access them by SRP. > > Time to mention Nigori again, which is essentially this, minus the FUD > around SRP. It kind of seems like apples and oranges to me (forgive my ignorance). SRP uses the pre-existing relationship between the organization and the user to key a secure channel with the shared secret. Nigori looks like ti has different goals and accomplishes different things (shared, secure, cloud storage).
The only FUD of SRP should be centered around short passwords since SRP itself is based on Diffie Hellman. I'm only aware of one attack (the 2-for-1 guessing). Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
