[131753] in cryptography@c2.net mail archive
Re: SRP implementation - choices for N and g
daemon@ATHENA.MIT.EDU (Tom Wu)
Wed Aug 27 10:54:06 2008
Date: Tue, 26 Aug 2008 21:43:18 -0700 (PDT)
From: Tom Wu <tjw99@yahoo.com>
Reply-To: tjw99@yahoo.com
To: cryptography@metzdowd.com, Michael Tschannen <michael.tschannen@zhaw.ch>
In-Reply-To: <48B3C7A9.9080909@zhaw.ch>
[Moderator's reminders:
1) 80 column text is easier for many of us to read.
2) Top posting considered harmful.
3) Trim quoted text, and please use ">" quoting if possible.
--Perry]
Michael,
I'd recommend taking a look a RFC 5054 (http://www.ietf.org/rfc/rfc5054.txt). Nearly all applications of SRP use application-wide choices for N and g, usually the ones standardized by IETF. The main advantage of such standardization is that clients do not have to verify safety of N and g on each transaction, which can be time-consuming.
Tom
--- On Tue, 8/26/08, Michael Tschannen <michael.tschannen@zhaw.ch> wrote:
> From: Michael Tschannen <michael.tschannen@zhaw.ch>
> Subject: SRP implementation - choices for N and g
> To: cryptography@metzdowd.com
> Date: Tuesday, August 26, 2008, 2:06 AM
> Hi list
>
> Has anybody already gained experience concerning the
> technical
> implementation of SRP (http://srp.stanford.edu)? There is
> one point I
> couldn't find in any documentation: Should the modulus
> and the generator
> (N and g) be unique for each client or can they be chosen
> application-wide? What are the (security-related)
> implications in each
> case?
>
> Thanks,
>
> Michael
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography"
> to majordomo@metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
