|
|
|
|
|
|
by M4v3R
4367 days ago
|
|
|
So, they've basically just reinvented SRP [1] using EC crypto. I'm a big fan of SRP and use it in production, but it has already years of refinements which makes it very secure. Designing auth mechanisms is hard, there are many subtle ways you can get it wrong. If you're looking for this kind of auth mechanism, I recommend to take a look at SRP first. Still, kudos for their efforts. If they continue to improve this, it could take a fair amount of auth "market" some day. [1] http://srp.stanford.edu |
|
|