Could you be so kind as to explain how an attack on SRP could be
constructed?  As each session is based on two large random numbers, one on
the client and one on the server, and no information regarding the
password is ever exchanged, the protocol itself is robust and secure.

What your link discusses is not SRP, per se, but the resistance of a stolen
verifier to a dictionary attack.  Note that the use of a per-account random
seed precludes the use of rainbow tables.

Since a verifier is computed from <account, seed, password> and the
account, seed, password, the (stolen) password are all known, there is no
protection against a brute force or dictionary attack other than the per
guess cpu cost to compute a prospective verifier.  Ultimately, it's a fool's
errand.  Security comes from an astronomical number of possibilities, not the
cpu cost per possibility.

I suggest that a more fruitful program be to prevent verifiers from being
stolen in the first place.

By the way, also note that breaking one account/password/verifier tells you
exactly nothing about any other verifier.
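To illustrate the points made in this thread (the verifier is derived from account, seed and password; a per-account seed makes precomputed tables useless; and the RFC 2945 two-step SHA-1 can be swapped for a tunable KDF without touching the protocol), here is an added example; it is not Firebird's code and not anything posted by the participants. It assumes a toy modulus (a Mersenne prime standing in for a real group such as the 1024-bit RFC 5054 group), SRP-6a for the exchange, and PBKDF2-HMAC-SHA256 as the hardened hash step.

```python
import hashlib
import secrets

# Constructed demo group: a Mersenne prime stands in for a real SRP group
# (e.g. the 1024-bit group of RFC 5054). It is not a safe prime; demo only.
N = 2**521 - 1
g = 3
NBYTES = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 over fixed-width big-endian encodings, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(NBYTES, "big"))
    return int.from_bytes(h.digest(), "big")

def x_rfc2945(I, P, s):
    """Two-step SHA-1 private key of RFC 2945: x = SHA1(s | SHA1(I ':' P))."""
    inner = hashlib.sha1(f"{I}:{P}".encode()).digest()
    return int.from_bytes(hashlib.sha1(s + inner).digest(), "big")

def x_pbkdf2(I, P, s, rounds=50_000):
    """Hardened hash step: every prospective verifier now costs `rounds` HMACs."""
    dk = hashlib.pbkdf2_hmac("sha256", f"{I}:{P}".encode(), s, rounds)
    return int.from_bytes(dk, "big")

def verifier(I, P, s, x_fn):
    """v = g^x mod N: what the server stores per account instead of the password."""
    return pow(g, x_fn(I, P, s), N)

def srp6a_session(I, P, s, v, x_fn):
    """One SRP-6a exchange; only A and B cross the wire, never the password.
    Returns (client_key, server_key); they agree only if P matches v."""
    k = H(N, g)
    a = 1 + secrets.randbelow(N - 1)   # client ephemeral secret
    b = 1 + secrets.randbelow(N - 1)   # server ephemeral secret
    A = pow(g, a, N)                   # client -> server
    B = (k * v + pow(g, b, N)) % N     # server -> client (blinded by k*v)
    u = H(A, B)
    x = x_fn(I, P, s)                  # client side only: needs the password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return S_client, S_server
```

The hash step is a parameter, so the same exchange runs unchanged with either derivation of x; swapping the KDF only changes how much work each prospective verifier costs.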


On Wednesday, December 3, 2014, marius adrian popa <[email protected]> wrote:

> At least we can change from sha1 to sha2, in some cases it can help with
> password guessing (dictionary attacks)
>
> http://opine.me/blizzards-battle-net-hack/
>
> Also I would choose a better hash step
>
>
> http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846
>
>
> The fundamental concepts behind SRP (which is linked to Diffie-Hellman)
> are still sound, but there are two steps which must be taken for any SRP
> implementation to be secure against these attacks:
>
>    1. The bit-length of the modulus 'N' must be at least 1024-bit to
>    prevent an attacker from computing the discrete logarithm
>    2. The hashing step currently defined as a two-step SHA1 in RFC 2945
>    must be replaced with at least PBKDF2, bcrypt, or scrypt, with an
>    appropriate iteration count / tuning parameters to deter from dictionary
>    attacks
>
> http://opine.me/srp-to-sha1/
>
>
>
> On Nov 26, 2014 3:52 AM, "James Starkey" <[email protected]> wrote:
>
>> On the list of vulnerabilities, this is probably about 250.  The probability
>> of a random collision is something like 2^79 instead of the design goal of
>> 2^128, but the probability of a manufactured duplicate is still around 2^128.
>>
>> SSL sucks right, left, and center by comparison -- it has zippo
>> protection in the face of government intrusion.
>>
>> There are many, many more important things to worry about than SSH-1.
>> One should try to use the best available technology, but getting your
>> knickers in a twist over an insignificant vulnerability just isn't called
>> for.
>>
>>
>> On Tuesday, November 25, 2014, marius adrian popa <[email protected]> wrote:
>>
>>> maybe it is time to upgrade to sha-2
>>>
>>> http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
>>>
>>
>>
>> --
>> Jim Starkey
>>
>>
>> Firebird-Devel mailing list, web interface at
>> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>>
>>

-- 
Jim Starkey
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
