Re: SRP unencumbered license statement

To: Mika Kojo <mkojo%ssh.com@localhost>
Subject: Re: SRP unencumbered license statement
From: Tom Wu <tom%arcot.com@localhost>
Date: Tue, 01 May 2001 11:43:01 -0700

Mika Kojo wrote:
> 
> Tom Holroyd writes:
> > Not to mention that it provides strong authentication of both client *and*
> > server, even when the host key has changed or is unknown, and it doesn't
> > leak any information to eavesdroppers or MITM.  :-)
> >
> > So, SRP is ready to go.
> 
> The problem with SRP, when compared to some other password-AKE's, is
> that it doesn't provide a security proof in the standard
> models. Security proof would guarantee that negligible information
> leakage occurs when adversary is not capable of solving the decisional
> Diffie-Hellman problem or some such. If you have such a proof please
> supply a reference.

The only other password-based key exchange that has a security proof (in
the random oracle model) is PAK, and it's not free to my knowledge.  The
majority of the secure password protocols (EKE, SPEKE, etc.) fall into
the "unproven but unbroken" category.

> Best regards,
> Mika Kojo
> SSH Communications Security Corp

Tom
-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."

Follow-Ups:
- Re: SRP unencumbered license statement
  - From: Mika Kojo

References:
- Re: SRP unencumbered license statement available
  - From: RJ Atkinson
- Re: SRP unencumbered license statement
  - From: Tom Holroyd
- Re: SRP unencumbered license statement
  - From: Mika Kojo

Prev by Date: Re: SRP unencumbered license statement
Next by Date: Re: SRP unencumbered license statement
Previous by Thread: Re: SRP unencumbered license statement
Next by Thread: Re: SRP unencumbered license statement
Indexes:

Home | Main Index | Thread Index | Old Index