SRP implementation - choices for N and g
James A. Donald
jamesd at echeque.com
Wed Aug 27 16:21:02 EDT 2008
Michael Tschannen wrote:
> Hi list
>
> Has anybody already gained experience concerning the technical
> implementation of SRP (http://srp.stanford.edu)? There is one point I
> couldn't find in any documentation: Should the modulus and the generator
> (N and g) be unique for each client or can they be chosen
> application-wide? What are the (security-related) implications in each
> case?
There is no readily apparent reason why N and g should not be
application wide.
Of course, some clever persons might discover some unobvious flaw.
Rather than using SRP, you might use J-PAKE. J-PAKE has a proof that
there is nothing wrong with J-PAKE unless there is something wrong with
all similar protocols, so you can go right ahead and do what all the
other protocols do - which is one value of N and g for all.
>
> Thanks,
>
> Michael
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list