On Friday 16 November 2007 18:05, Florent Daignière wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2007-11-16 17:41:34]:
>
> > And possibly SRP.
> > PRO: We can use easy-to-remember/communicate (low entropy) passphrases, rather
> > than 32 bytes (64 hex chars, 43 base64).
> > PRO: And it's still secure, provided that we have a limited number of attempts
> > per password (so for SRP-based invites we will need IP:port, invite counter,
> > passphrase).
> > SRP would normally be a one-way invite, but if the inviter is NATed Fred would
> > ask for the IP:port of the invitee.
> > CON: How would we obfuscate it? Dictionary resistance requires that we don't
> > just send the password - SRP has a "username" aka invite counter so that it
> > can only allow a small number of attempts for a specific username/invite...
> > So we can't just superencrypt using the password!
>
> And why not ? :) Use a few bytes of H(password)... Make it so small that
> collisions are more than probable. He will end up with a hashcash to
> solve... and SRP is gonna give him only a few tries.

Nah, this lets him try a very large number of possible passwords (8 million
maybe average?) before he runs out of tries, because they don't count if
they're not successfully decrypted.

> Btw, if you generate passwords, you can be confident that they don't
> figure in any dictionary ;)
>
> NextGen$
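
Added example, not part of the original thread and not Freenet code: a small model of the objection above, measuring how much an outer layer keyed by a few bits of H(password) helps a guesser when outer-layer failures are dropped before SRP counts an attempt. Assumptions: H is SHA-256, the key is its top `bits` bits, the candidate list is constructed, and the invite allows 3 counted tries.

```python
import hashlib

def tag(password: str, bits: int) -> int:
    """Top `bits` bits of SHA-256(password): the short outer-layer value (assumed construction)."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def surviving_candidates(candidates, real_password, bits):
    """Candidates that get past the outer layer, i.e. share the real password's tag.

    In this model a mismatch is dropped before SRP runs, so it never
    consumes one of the invite's counted attempts."""
    want = tag(real_password, bits)
    return [c for c in candidates if tag(c, bits) == want]

def guess_probability(pool_size: int, counted_tries: int) -> float:
    """Chance of hitting the password with `counted_tries` distinct guesses from the pool."""
    return min(1.0, counted_tries / pool_size)

def compare(candidates, real_password, bits, counted_tries):
    """Success chance with SRP's attempt limit alone vs. with the tag as a free filter."""
    survivors = surviving_candidates(candidates, real_password, bits)
    return {
        "bits": bits,
        "survivors": len(survivors),
        "p_srp_only": guess_probability(len(candidates), counted_tries),
        "p_with_tag": guess_probability(len(survivors), counted_tries),
    }

# Constructed low-entropy passphrase space (2^18 candidates) and a constructed "real" one.
CANDIDATES = [f"phrase-{i:06d}" for i in range(262144)]
REAL = CANDIDATES[123456]

if __name__ == "__main__":
    for bits in (0, 8, 16, 24):
        print(compare(CANDIDATES, REAL, bits, counted_tries=3))
```

Each extra tag bit roughly halves the pool the counted SRP tries are spent on, so the attempt limit only protects the passphrase if outer-layer failures are counted too or the outer layer does not depend on the passphrase.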
