Paul Rubin wrote:

> Laszlo Zsolt Nagy <[EMAIL PROTECTED]> writes:
>
>> This is a bit off-topic here. I read the RFC and I do not see why SRP
>> is not vulnerable to dictionary attacks.
>> If I have working client software then I can use it to reveal
>> passwords. Isn't it a dictionary attack?
>
> Dictionary attack in this context means an eavesdropper records a
> session, then compares all the hashed passwords against a word list
> offline. If the attacker is allowed to make unlimited online queries,
> then he can guess at SRP passwords too. But the host should notice
> that and prevent it.

I see. So the eavesdropper records the random strings and the password hash value sent. Having these values, he can try to find a suitable password in his list that will result in the same communication. He can do this without having to connect to the server again, just by replaying the algorithm for a given password (and the same 'random' strings).

The difference in SRP is that the random strings are private; they will never be sent over the network, so they cannot be eavesdropped. Cracking SRP would require calculating the divisors of a product of two very big primes (like in RSA). This is why it is hard to use dictionary attacks: you cannot replay the algorithm for a given password.

Thank you, I think I understand now.

  Les

-- 
http://mail.python.org/mailman/listinfo/python-list
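The contrast Les draws above, as an added example that is not part of the thread and not code from any SRP library: a toy hashed challenge-response protocol (nonce in, H(nonce || password) out) next to a compact SRP-6a exchange, each run once with an eavesdropper that records the wire transcript and then replays the client's computation for every word in a constructed list. Everything here is an assumption of the example: the 64-bit group is generated at import time for speed (a real deployment uses the 2048-bit or larger groups of RFC 5054), the hash-to-integer encoding is a simplified one rather than the RFC's padding rules, and the user name, password and word list are made up.

```python
import hashlib
import hmac
import secrets

# --- Protocol 1: hashed challenge-response (constructed toy protocol) ---------
# Server sends a nonce, client answers H(nonce || password).  Every input the
# client used except the password itself crosses the wire.
def cr_client_response(password: str, nonce: bytes) -> str:
    return hashlib.sha256(nonce + password.encode()).hexdigest()

def cr_offline_dictionary_attack(transcript, wordlist):
    """Eavesdropper re-runs the client's algorithm per candidate, offline."""
    nonce, response = transcript
    for cand in wordlist:
        if hmac.compare_digest(cr_client_response(cand, nonce), response):
            return cand
    return None

# --- Protocol 2: SRP-6a over a toy 64-bit group --------------------------------
def is_prime(n: int) -> bool:
    """Miller-Rabin; this fixed base set is deterministic for n < 3.3e24."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def first_safe_prime_above(start: int) -> int:
    """Smallest p >= start with p and (p-1)/2 both prime."""
    p = start | 1
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 2
    return p

N = first_safe_prime_above(1 << 63)   # toy group; RFC 5054 groups are 1024..8192 bits
g = 2

def H(*parts) -> int:
    """Hash strings/integers to an integer (simplified encoding, not the RFC's)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(str(p).encode() + b"|")
    return int(h.hexdigest(), 16)

k = H(N, g)   # SRP-6a multiplier

def srp_register(username: str, password: str):
    """Enrollment: the server stores (salt, v = g^x) and never sees the password."""
    salt = secrets.token_hex(8)
    return salt, pow(g, H(salt, username, password), N)

def srp_session(username, password, salt, v, a, b):
    """One login with client ephemeral a and server ephemeral b (both private).
    Returns the wire transcript an eavesdropper sees and whether the server accepted."""
    A = pow(g, a, N)                              # client -> server
    if A % N == 0:
        raise ValueError("A = 0")                 # SRP-6a abort rule
    B = (k * v + pow(g, b, N)) % N                # server -> client
    u = H(A, B)
    x = H(salt, username, password)               # needs the password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)    # needs b, never the password
    M1 = H(A, B, H(S_client))                     # client -> server: proof of the key
    return (salt, A, B, M1), M1 == H(A, B, H(S_server))

def srp_offline_dictionary_attack(username, transcript, wordlist, a_guess=None):
    """Eavesdropper replays the client's computation per candidate.  The client's
    a never crossed the wire, so the attacker must pick its own; any a_guess != a
    gives a different M1 even for the right password, so guesses cannot be confirmed."""
    salt, A, B, M1 = transcript
    a_guess = secrets.randbelow(N - 2) + 1 if a_guess is None else a_guess
    u = H(A, B)
    for cand in wordlist:
        x = H(salt, username, cand)
        S = pow((B - k * pow(g, x, N)) % N, a_guess + u * x, N)
        if H(A, B, H(S)) == M1:
            return cand
    return None

WORDLIST = ["letmein", "hunter2", "correct horse", "password1"]   # constructed

def demo(password="hunter2"):
    """Same eavesdropper against both protocols; report what it recovers."""
    nonce = secrets.token_bytes(16)
    cr_transcript = (nonce, cr_client_response(password, nonce))
    salt, v = srp_register("les", password)
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    srp_transcript, accepted = srp_session("les", password, salt, v, a, b)
    return {"cr_recovered": cr_offline_dictionary_attack(cr_transcript, WORDLIST),
            "srp_login_accepted": accepted,
            "srp_recovered": srp_offline_dictionary_attack("les", srp_transcript, WORDLIST)}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` recovers the password from the challenge-response transcript and nothing from the SRP one; passing the real `a` to `srp_offline_dictionary_attack` is the only way to make the SRP replay succeed, which is exactly the value that stays on the client. The tiny group is for speed only: with a 64-bit modulus an attacker could recover `a` from `A` by solving a discrete logarithm, which is why real groups are far larger.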