Secure Remote Password protocol

Ernest Prabhakar (prabhaka@apple.com)
Thu, 29 Jan 98 10:59:45 -0800


A friend of mine at Stanford is working on this. Can anyone spare the time to do a review for me?

-- Ernie P.

http://srp.stanford.edu/srp/

SRP stands for the Secure Remote Password protocol, and it represents a new mechanism for performing password-based authentication and key exchange over potentially insecure networks. SRP offers both security and convenience improvements over authentication techniques currently in use.

* _What does SRP do?_
* _Three Important Issues in Password Authentication_
  - _Dictionary Attacks_
  - _Plaintext-Equivalence_
  - _Forward Secrecy_
* _A Brief History of Password Authentication_
  - _Weak and Obsolete Authentication_
  - _Stronger Authentication_
  - _Inconvenient Authentication_
* _SRP Protocol Summary_
* SRP technical paper - available as _PostScript_ or _HTML_
  Accepted for presentation at the _ISOC_ _NDSS '98 symposium_, it contains a proof of SRP's security against eavesdroppers and proves it to be more secure than challenge-response.
* _SRP survives scrutiny on the Internet_
* _Advantages of SRP_ (or: How does SRP fit in?)
  - _Security Advantages_
  - _Technical Advantages_
  - _Political Advantages_
* _The Case for Moving to SRP_ (or: Why should I care?)
