[Security] About the Firefox 3 Security Dialog & others
Dirk Meyer
dmeyer at tzi.de
Fri Aug 22 15:35:31 CDT 2008
Jonathan Schleifer wrote:
> Am 22.08.2008 um 22:00 schrieb Pedro Melo:
>
>> SAS, I meant SAS.
>
> Just to be sure: What's the exact difference between SRP and SAS? I
> only had a short look at SRP and it seemed pretty similar.
I only had a short look at SAS but if I understand it correctly is SAS
a key that is generated during the procedure by the system while SRP
uses a password that is chosen by the users before the communication.
Advantages SAS:
prevents users from using stupid simple passwords
allows it to verify a connection after the session setup
Advantages SRP:
users can select a password they can remember
users could use the same link to exchange the password if they talk
in a riddle an attacker may not know (name of the person I talked
to you about yesterday that wants to buy a new TV)
Correct me if I'm wrong :)
Dirk
--
If you're not part of the solution, be part of the problem!
More information about the Security
mailing list