On 3/13/15 3:11 PM, Solar Designer wrote: >> Because SRP protocol is cool, but i'm really wondering if the default >> methods are "strong enough" against bruteforcing. > They are not. That was my concern.
Does anyone ever tried to make SRP authentication protocol extensions/specs to work with server-side storage of hashes based on scrypt? >From my umble understanding of crypto, it would be like "leveraging the best properties" of SRP authentication protocol and scrypt password hashing. But yet, my poor-math brain have difficulties understanding if that's feasible or it's just a stupid consideration. Fabio _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
