* Abhijit Menon-Sen (a...@2ndquadrant.com) wrote: > As a followup, I spoke to an IETF friend who's used and implemented both > SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's > significantly more difficult to implement (and therefore has a bit of a > monoculture risk overall, though of course that wouldn't apply to us if > we were to write the code from scratch).
There is also 'JPAKE': http://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling Which had been in OpenSSH and OpenSSL and is still in NSS and Firefox Sync. Thanks! Stephen
signature.asc
Description: Digital signature
