Re: draft minutes from meeting at ietf50..

[Tom Holroyd <tomh%po.crl.go.jp@localhost>]

On Fri, 20 Apr 2001, Niels Provos wrote:

> An adversary can listen to SSH network traffic to determine the length
> of authentication passwords typed during login and interactive shell
> sessions [B].

Of course SRP authentication fixes that...  The SRP shared secret can also
be used to trigger a key-reexchange, which makes shorter DH parameters
less of a problem.

Tom Wu tells me that Stanford should be issuing the all-clear on SRP any
day now...

Dr. Tom