Re: draft minutes from meeting at ietf50..

[Markus Friedl <markus.friedl%informatik.uni-erlangen.de@localhost>]

On Sat, Apr 21, 2001 at 03:50:10PM +0900, Tom Holroyd wrote:
> On Fri, 20 Apr 2001, Niels Provos wrote:
> 
> > An adversary can listen to SSH network traffic to determine the length
> > of authentication passwords typed during login and interactive shell
> > sessions [B].
> 
> Of course SRP authentication fixes that...  The SRP shared secret can also
> be used to trigger a key-reexchange, which makes shorter DH parameters
> less of a problem.

i don't see how SRP makes traffic analysis harder.

could you please provide details.

-m