On Thu, Oct 10, 2013 at 7:23 PM, T. Linden <tlin...@cpan.org> wrote: > It creates a hash from the password and then a hash from that hash, > 128.000 times. I admit that this kind of key derivation is simple. But > libsodium doesn't provide one currently.
OK, understood. We'll need to standardize the algorithm here. It would indeed be best if libsodium would implement scrypt. Since Frank is using ZeroMQ, it's plausible. > That's right and it would work, but you can't authenticate clients based > on their public key then, can you? The degree of trust you'd have would depend on how you get such certificates. If they're sent automatically across public internet, not much trust. If you are copying them manually, over ssh or by USB key, quite a lot of trust. One could verify a certificate manually over a separate channel. I don't know... lots of ways that could be very costly to attack. Alternatively the server can generate key pairs for clients, but that flips the problem around. -Pieter _______________________________________________ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
