* Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> I'm not sure how expensive a brute force attack on SRP would be,
> using a stolen backup tape. There doesn't seem to be an iterations
> count similar to SCRAM. But note that SRP's resistance to
> brute-forcing the authentication handshake is of a different kind.
> It's not just expensive, but outright impossible. (Don't ask me how
> that works; I'm not well-versed in the maths involved.) That's a big
> advantage because it means that it's OK to use a fairly weak
> password like 'foobar123' that would be trivially cracked with a
> dictionary attack.
If it's actually impossible then that's certainly interesting.. I don't
get how that's possible, but ok.
> (You can still connect to the server and try
> different passwords, but the server can log that and throttle how
> many guesses / minute it let's you do)
Wouldn't that be nice... Wish we did it. :(
Thanks,
Stephen