by tptacek
5636 days ago
dakami: Outsourced auth where well-behaving nodes never learn the plaintext password is not without value. Is your SRP math constant time?

zedshaw: No calc time degrades exponentially. 512 right now which is the fastest safe, but I can take it up to 4096 which is really slow.

dakami: I mean, constant time relative to the passwords in use?

Here's the part where you start to wonder whether both parties in this conversation know how SRP works. I'm pretty sure Zed knows it (which is why I'm confused by his comments on this thread). Kaminsky does start this thread saying a lot of completely reasonable things about web authentication schemes, for whatever that's worth.