[131802] in cryptography@c2.net mail archive
Re: SRP implementation - choices for N and g
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Aug 27 18:44:39 2008
Date: Thu, 28 Aug 2008 06:21:02 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Michael Tschannen <michael.tschannen@zhaw.ch>
CC: cryptography@metzdowd.com
In-Reply-To: <48B3C7A9.9080909@zhaw.ch>
Michael Tschannen wrote:
> Hi list
>
> Has anybody already gained experience concerning the technical
> implementation of SRP (http://srp.stanford.edu)? There is one point I
> couldn't find in any documentation: Should the modulus and the generator
> (N and g) be unique for each client or can they be chosen
> application-wide? What are the (security-related) implications in each
> case?
There is no readily apparent reason why N and g should not be
application wide.
Of course, some clever persons might discover some unobvious flaw.
Rather than using SRP, you might use J-PAKE. J-PAKE has a proof that
there is nothing wrong with J-PAKE unless there is something wrong with
all similar protocols, so you can go right ahead and do what all the
other protocols do - which is one value of N and g for all.
>
> Thanks,
>
> Michael
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
