[Security] TLS-SRP Questions

Hannes Tschofenig Hannes.Tschofenig at gmx.net
Thu Aug 21 12:34:10 CDT 2008


>
> There is a big difference btwn a 20 bit key which can be secure with 
> srp versus a 80 bit or so key with psk. If users are in the loop...
>
I understand that but I assume that the key that is being used in this 
context isn't really a long-term secret shared between the two users but 
rather something that is dynamically created and then exchanged within 
the e2e signaling exchange. I doubt that a model that relies on both 
parties having a shared secret is particularly practical for most of the 
users...

Ciao
Hannes



More information about the Security mailing list