SRP implementation - choices for N and g
Tom Wu
tjw99 at yahoo.com
Wed Aug 27 00:43:18 EDT 2008
[Moderator's reminders:
1) 80 column text is easier for many of us to read.
2) Top posting considered harmful.
3) Trim quoted text, and please use ">" quoting if possible.
--Perry]
Michael,
I'd recommend taking a look a RFC 5054 (http://www.ietf.org/rfc/rfc5054.txt). Nearly all applications of SRP use application-wide choices for N and g, usually the ones standardized by IETF. The main advantage of such standardization is that clients do not have to verify safety of N and g on each transaction, which can be time-consuming.
Tom
--- On Tue, 8/26/08, Michael Tschannen <michael.tschannen at zhaw.ch> wrote:
> From: Michael Tschannen <michael.tschannen at zhaw.ch>
> Subject: SRP implementation - choices for N and g
> To: cryptography at metzdowd.com
> Date: Tuesday, August 26, 2008, 2:06 AM
> Hi list
>
> Has anybody already gained experience concerning the
> technical
> implementation of SRP (http://srp.stanford.edu)? There is
> one point I
> couldn't find in any documentation: Should the modulus
> and the generator
> (N and g) be unique for each client or can they be chosen
> application-wide? What are the (security-related)
> implications in each
> case?
>
> Thanks,
>
> Michael
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography"
> to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list