On Fri Mar  6 14:03:58 2009, Eric Rescorla wrote:
On Fri, Mar 6, 2009 at 5:04 AM, Dave Cridland <[email protected]> wrote:
> I don't think it is - we're not talking in terms of a long-term
> shared-secret, we're talking about an ephemeral secret shared (say) over the
> phone, used purely to verify a channel, and, by that, optionally the peer's
> X.509 cert.

You're assuming that these aren't separated by a time scale of hours to
days. I don't think that's at all safe.


Well, yes. But you can't do an offline dictionary attack on SCRAM until you've witnessed the SCRAM exchange. By which time it's too late to do anything about it.

> If an offline dictionary attack can be mounted within the kind of timescales
> we're talking, then I'm off to buy a tinfoil hat, because those guys have
> had it right all along... ;-)

I heard suggestions of 4 digit PINs. Those can be bruteforced in less than
a second.

Still needs time travel to make this attack work, doesn't it?

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
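The two claims in the exchange above (that a 4-digit PIN falls to an offline dictionary attack in well under the timescales under discussion, and that the attacker first needs a witnessed SCRAM exchange) can be made concrete. The following is an added example, not code from the thread, Infotrope or any SCRAM implementation: it reproduces one SCRAM-SHA-1 authentication from RFC 5802 with a constructed salt and nonces, hands an eavesdropper only what crosses the wire (server-first-message, the AuthMessage components, and client-final-message with its proof), and then sweeps all 10,000 PINs, doing exactly the verification a server does: recover ClientKey = ClientProof XOR HMAC(StoredKey, AuthMessage) and check H(ClientKey) == StoredKey. The user name and salt are assumptions of this example.

```python
"""Offline brute force of a 4-digit PIN from one captured SCRAM-SHA-1 exchange (RFC 5802)."""
import base64
import hashlib
import hmac
import itertools
import secrets

# Constructed sample values for this example; not taken from any real deployment.
SAMPLE_USER = "user"
SAMPLE_SALT = bytes.fromhex("4125c247e43ab1e93c6dff76")
SAMPLE_ITERATIONS = 4096  # the iteration count RFC 5802 recommends as a minimum


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802: PBKDF2 with HMAC-SHA-1, dkLen = 20."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def derive_keys(password: bytes, salt: bytes, iterations: int):
    """Return (ClientKey, StoredKey). StoredKey is what the server stores."""
    salted = hi(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    return client_key, stored_key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def run_exchange(pin: str, salt: bytes = SAMPLE_SALT,
                 iterations: int = SAMPLE_ITERATIONS, user: str = SAMPLE_USER) -> dict:
    """Perform one honest SCRAM-SHA-1 authentication and return what an eavesdropper sees."""
    cnonce = base64.b64encode(secrets.token_bytes(18)).decode()
    snonce = base64.b64encode(secrets.token_bytes(18)).decode()
    client_first_bare = f"n={user},r={cnonce}"
    server_first = f"r={cnonce}{snonce},s={base64.b64encode(salt).decode()},i={iterations}"
    client_final_without_proof = f"c=biws,r={cnonce}{snonce}"
    # AuthMessage := client-first-message-bare + "," + server-first-message +
    #                "," + client-final-message-without-proof
    auth_message = ",".join([client_first_bare, server_first,
                             client_final_without_proof]).encode()

    client_key, stored_key = derive_keys(pin.encode(), salt, iterations)
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    proof = xor(client_key, client_signature)
    client_final = f"{client_final_without_proof},p={base64.b64encode(proof).decode()}"
    # Everything below is visible to a passive observer of the channel.
    return {"server_first": server_first,
            "auth_message": auth_message,
            "client_final": client_final}


def parse_attrs(msg: str) -> dict:
    """Split a SCRAM message into its attr=value pairs (values may contain '=')."""
    return dict(part.split("=", 1) for part in msg.split(","))


def offline_pin_attack(captured: dict, pin_length: int = 4):
    """Recover an all-digit PIN from one captured exchange, or None if not found."""
    srv = parse_attrs(captured["server_first"])
    salt = base64.b64decode(srv["s"])
    iterations = int(srv["i"])
    proof = base64.b64decode(parse_attrs(captured["client_final"])["p"])
    auth_message = captured["auth_message"]

    for digits in itertools.product("0123456789", repeat=pin_length):
        candidate = "".join(digits)
        _, stored_key = derive_keys(candidate.encode(), salt, iterations)
        # Same check the server performs, with the candidate's StoredKey:
        client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
        recovered_client_key = xor(proof, client_signature)
        if hashlib.sha1(recovered_client_key).digest() == stored_key:
            return candidate
    return None


if __name__ == "__main__":
    captured = run_exchange("1234")
    print("recovered PIN:", offline_pin_attack(captured))
```

Nothing here breaks SCRAM: the sweep is only possible because the observer already holds the full exchange, which is the point made about the attack needing the transcript first, and its cost is the PBKDF2 iteration count times the size of the secret space. For 10,000 PINs at 4,096 iterations this pure-Python loop takes on the order of tens of seconds; the same sweep in C or on a GPU is far quicker, while a long random passphrase pushes it out of reach regardless of language.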
