by zedshaw
5636 days ago
No, it's the best conversation because, unlike conversations with you, it brought legit testable things to test for and questioned basic assumptions I had based on actually looking at the code I'd made. E.g. a timing attack based on password length in SRP is legit. Everything you bring up is just yelling and screaming about browser security issues every login system has, then claiming your proposed login solution doesn't have them. Even in this comment you're all over the map. HMAC? I'm not using HMAC. RSA vs. SRP? One is an asymmetric cryptography algorithm and the other is an authentication protocol, which are very different. You can't just slap RSA on something and then it's an auth algorithm. There's a whole range of protocol analysis to do in addition to just using RSA. But why am I telling you that? You're a real cryptographer. How come you didn't mention the possible timing attack against SRP?
As you know, I read your code, and I know you're not using HMAC. I'm saying that timing SRP based on passwords is like timing HMAC based on the key: i.e., not how a timing attack on SRP would actually work.
I'm going to let someone else chime in and add details to this, because when you and I argue, it just becomes a crazy personality-driven soap opera. I have approximately the same issue with Kaminsky, so don't think that's somehow a criticism of you.
For the record: I'm not a real cryptographer. We do have some on HN. Colin Percival is really a cryptographer; he has been published multiple times in the literature. What I do is get paid to break systems, and I've been on a tear through crypto features in the last couple years. I am a second-rate Nate Lawson. That's all the background needed to sniff-test this Twitter dialog.