Hi all, SRP is a very cool authentication protocol, not yet widely deployed, but with very interesting properties.
I'm wondering how strong is considered the storage of the password's related material strength? I mean, from a passive/offline brute forcing perspective, how can be compared scrypt vs. SRP's server-side storage of passwords? Does anyone ever considered that kind of problem? Because SRP protocol is cool, but i'm really wondering if the default methods are "strong enough" against bruteforcing. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography