* Abhijit Menon-Sen (ams@2ndQuadrant.com) wrote:
> As a followup, I spoke to an IETF friend who's used and implemented both
> SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's
> significantly more difficult to implement (and therefore has a bit of a
> monoculture risk overall, though of course that wouldn't apply to us if
> we were to write the code from scratch).

There is also 'JPAKE':

http://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling

Which had been in OpenSSH and OpenSSL and is still in NSS and Firefox
Sync.

Thanks!

Stephen