What makes SRP inappropriate for elliptical curves? Obviously addition and multiplication are defined for ECC too...
-
-
Replying to @dakami
Ugh. SRP mixes field addition and (group) mult operations and this could leak bits of the password. Whether it’s exploitable I don’t know but it’s so random.
3 replies 1 retweet 7 likes -
Replying to @matthew_d_green @dakami
So: I send you B such that B-kg^x == -1 mod p. Now you leak a bit of x. Maybe even more if someone is clever. And god help you if you don’t pick g to be a generator of Z*n, the whole protocol breaks.
3 replies 1 retweet 3 likes -
Replying to @matthew_d_green
Is this theoretically a general SRP attack or one on a supposed SRP-ECC?
1 reply 1 retweet 1 like -
Replying to @dakami
There is no SRP-ECC. It doesn’t even translate. This is an attack (maybe!) against SRP.
3 replies 1 retweet 0 likes -
Replying to @matthew_d_green @dakami
Of course you already leak a bit of x if you set g to be a generator of Z*n so that’s not a huge deal. But it would be worse if you could get other bits. That seems hard. Who knows.
1 reply 0 retweets 0 likes -
Replying to @matthew_d_green
Maybe worth poking at. SRP is not the most widely deployed PAKE (that's probably the goop in WPA2, which we know isn't great) but it's certainly the most respected that has working implementations around.
2 replies 0 retweets 1 like -
Replying to @dakami
Are you talking about the asymmetric fancy corporate stuff in WPA2 or the symmetric stuff on my home router?
2 replies 0 retweets 1 like -
-
Replying to @dakami
Oh yeah that is goop. I hope the next generation adds a real PAKE.
2 replies 0 retweets 1 like
There are solid implementations of other PAKEs; nobody cares.
-
-
Apple does.
1 reply 0 retweets 0 likes -
Replying to @matthew_d_green @jedisct1
It's not a big IETF thing. Shows up in verts.
0 replies 0 retweets 1 like
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.