[Security] About the Firefox 3 Security Dialog & others

Dirk Meyer dmeyer at tzi.de
Fri Aug 22 15:35:31 CDT 2008


Jonathan Schleifer wrote:
> Am 22.08.2008 um 22:00 schrieb Pedro Melo:
>
>> SAS, I meant SAS.
>
> Just to be sure: What's the exact difference between SRP and SAS? I
> only had a short look at SRP and it seemed pretty similar.

I only had a short look at SAS but if I understand it correctly is SAS
a key that is generated during the procedure by the system while SRP
uses a password that is chosen by the users before the communication.

Advantages SAS:
  prevents users from using stupid simple passwords
  allows it to verify a connection after the session setup

Advantages SRP:
  users can select a password they can remember
  users could use the same link to exchange the password if they talk
    in a riddle an attacker may not know (name of the person I talked
    to you about yesterday that wants to buy a new TV)

Correct me if I'm wrong :)


Dirk

-- 
If you're not part of the solution, be part of the problem!


More information about the Security mailing list