On Fri Mar 6 03:33:53 2009, Eric Rescorla wrote:
> SCRAM is susceptible to offline dictionary attacks, whereas SRP is not.
Indeed so, but...
> Obviously, you could do something SRP-oid at the app layer, but we really should decide if dictionary attack resistance is an important element.
I don't think it is - we're not talking in terms of a long-term shared-secret, we're talking about an ephemeral secret shared (say) over the phone, used purely to verify a channel, and, by that, optionally the peer's X.509 cert.
If an offline dictionary attack can be mounted within the kind of timescales we're talking, then I'm off to buy a tinfoil hat, because those guys have had it right all along... ;-)
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
