[Security] About the Firefox 3 Security Dialog & others
melo at simplicidade.org
Fri Aug 22 16:58:08 CDT 2008
On Aug 22, 2008, at 9:16 PM, Jonathan Schleifer wrote:
> On 22.08.2008 at 22:00, Pedro Melo wrote:
>> SAS, I meant SAS.
> Just to be sure: What's the exact difference between SRP and SAS? I
> only had a short look at SRP and it seemed pretty similar.
The references I found:
* SAS: http://www.ietf.org/internet-drafts/draft-barreto-ietf-
* SRP: http://srp.stanford.edu/whatisit.html
If there are better ones, I would appreciate the links.
In the SAS case, it seems that you basically have a 32-bit signature
to send over an alternative channel. Each person reads that 32-bit
signature to the other and if they match, the key is trusted. Please
correct me if I'm wrong.
What I like in SAS is that the 32-bit key can be coded with words
using something like this: http://tothink.com/mnemonic/
This generates three words that encode the 32-bit number. You can
check the URL but the choice of the word list was the interesting
factor for me. It gives you words that are pretty distant from each
other and over a voice channel less likely to be misinterpreted.
XMPP ID: melo at simplicidade.org
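Added example, not part of the original message: a sketch of the check described above, where each side derives a 32-bit value from both public keys and reads it out as three words. The derivation (truncated SHA-256 over the sorted keys), the generated word list and the sample keys are assumptions made for illustration; the word list is a constructed stand-in, not the one from tothink.com/mnemonic.

```python
import hashlib
from itertools import product

# Constructed stand-in word list (NOT the tothink.com/mnemonic list, and not
# chosen for phonetic distance). 1626 is the smallest list size for which
# three words cover every 32-bit value: 1626**3 > 2**32 > 1625**3.
BASE = 1626
_SYL = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]
WORDS = [a + b for a, b in product(_SYL, repeat=2)][:BASE]
INDEX = {w: i for i, w in enumerate(WORDS)}


def sas_value(key_a, key_b):
    """32-bit value: first 4 bytes of SHA-256 over both public keys.

    Illustrative derivation only; it is not taken from the SAS draft.
    Keys are sorted so both peers hash the same bytes, and length-prefixed
    so the boundary between the two keys is unambiguous.
    """
    h = hashlib.sha256()
    for k in sorted((key_a, key_b)):
        h.update(len(k).to_bytes(4, "big") + k)
    return int.from_bytes(h.digest()[:4], "big")


def encode_words(value):
    """Encode a 32-bit integer as three words, least significant first."""
    if not 0 <= value < 2**32:
        raise ValueError("value must fit in 32 bits")
    out = []
    for _ in range(3):
        value, digit = divmod(value, BASE)
        out.append(WORDS[digit])
    return out


def decode_words(words):
    """Inverse of encode_words; rejects unknown words and out-of-range sets."""
    if len(words) != 3:
        raise ValueError("expected exactly three words")
    value = 0
    for w in reversed(words):
        value = value * BASE + INDEX[w.strip().lower()]  # KeyError if unknown
    if value >= 2**32:
        raise ValueError("words do not encode a 32-bit value")
    return value


def spoken_sas(own_key, peer_key_as_received):
    """The three words one side reads aloud over the voice channel."""
    return " ".join(encode_words(sas_value(own_key, peer_key_as_received)))
```

If the key each side received is the one the other side sent, both compute the same three words; if a different key was substituted in transit, the two sides hash different inputs and the words read aloud will not match.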