* Abhijit Menon-Sen (a...@2ndquadrant.com) wrote:
> As a followup, I spoke to an IETF friend who's used and implemented both
> SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's
> significantly more difficult to implement (and therefore has a bit of a
> monoculture risk overall, though of course that wouldn't apply to us if
> we were to write the code from scratch).

There is also 'JPAKE':

http://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling

Which had been in OpenSSH and OpenSSL and is still in NSS and Firefox
Sync.

        Thanks!

                Stephen

Attachment: signature.asc
Description: Digital signature

Reply via email to