[Cryptography] Toxic Combination
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Dec 3 02:34:20 EST 2014
Benjamin Kreuter <brk7bx at virginia.edu> writes:
>So. What would it take to get
>
>(1) scrypt/some other sequential-hard KDF
>
>(2) a zero-knowledge challenge-response PAKE protocol
>
>into UAs?
If by "UAs" you mean "browsers" then the answer is "something on the order of
divine intervention". The browser vendors have to date shown themselves to be
totally resistant to implementing anything that would threaten the CA business
model, so it's unlikely that something like TLS-SRP or TLS-PSK will ever be
supported.
Peter.
More information about the cryptography
mailing list