[Security] About the Firefox 3 Security Dialog & others

Eric Rescorla ekr at rtfm.com
Fri Aug 22 17:21:44 CDT 2008


On Fri, Aug 22, 2008 at 2:58 PM, Pedro Melo <melo at simplicidade.org> wrote:
>
> On Aug 22, 2008, at 9:16 PM, Jonathan Schleifer wrote:
>
>> On 22.08.2008 at 22:00, Pedro Melo wrote:
>>
>>> SAS, I meant SAS.
>>
>> Just to be sure: What's the exact difference between SRP and SAS? I only
>> had a short look at SRP and it seemed pretty similar.
>
> The references I found:
>
>  * SAS:
> http://www.ietf.org/internet-drafts/draft-barreto-ietf-dhhmac-sas-00.txt;
>  * SRP: http://srp.stanford.edu/whatisit.html
>
> If there are better ones, I would appreciate the links.
>
> In the SAS case, it seems that you basically have a 32-bit signature to send
> over an alternative channel. Each person reads that 32-bit signature to each
> other and if they match, the key is trusted. Please correct me if I'm wrong.
>
> What I like in SAS is that the 32-bit key can be coded with words using
> something like this: http://tothink.com/mnemonic/
>
> This generates three words that encode the 32-bit number. You can check the
> URL but the choice of the word list was the interesting factor for me. It
> gives you words that are pretty distant from each other and over a voice
> channel less likely to be misinterpreted.

But you can have exactly this property with SRP: your implementation
randomly generates a 32-bit number and gives it to you using whatever
encoding you want (including the one you reference) and you read it over
the secure channel prior to commencing the handshake.

The relevant differences between SRP and SAS are:

- In SAS the SAS is generated after the handshake whereas in SRP the
password is generated before.
- With SRP, the password can be chosen by the users whereas with SAS
it's always random.

-Ekr
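
Added example, not part of the original message or of any project named in the thread: a sketch of the timing difference listed above, with a 32-bit value rendered as three words either before the handshake (a random pairing code, as one would feed to SRP) or after it (a SAS derived from the exchanged public values). The word list, the toy Diffie-Hellman group and all function names are assumptions made for the illustration; SRP itself is not implemented.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, an assumption for this demo; far too small for real use.
P = 2**127 - 1
G = 3

# Constructed stand-in word list (not the list at the URL in the thread).
# Three words cover 32 bits once the list has 1626 entries: 1626**3 > 2**32.
SYLLABLES = [c + v for c in "bdfgklmnprst" for v in "aeiou"]
WORDS = [a + b for a in SYLLABLES for b in SYLLABLES]
BASE = 1626

def to_words(n):
    """Encode a 32-bit integer as three words, least significant first."""
    if not 0 <= n < 2**32:
        raise ValueError("need a 32-bit value")
    out = []
    for _ in range(3):
        n, r = divmod(n, BASE)
        out.append(WORDS[r])
    return "-".join(out)

def from_words(text):
    """Inverse of to_words."""
    n = 0
    for w in reversed(text.split("-")):
        n = n * BASE + WORDS.index(w)
    return n

def pairing_code():
    """Pre-handshake case: a random 32-bit secret, generated before any exchange."""
    return to_words(secrets.randbits(32))

def sas(first_pub, second_pub):
    """Post-handshake case: 32 bits derived from the public values one side saw.
    Real SAS protocols also commit to these values first; omitted here."""
    digest = hashlib.sha256(b"%d|%d" % (first_pub, second_pub)).digest()
    return to_words(int.from_bytes(digest[:4], "big"))

def handshake(relay_swaps_keys=False):
    """Return the words Alice and Bob would each read aloud."""
    a_pub, b_pub, m_pub = (pow(G, secrets.randbelow(P - 2) + 1, P) for _ in range(3))
    if relay_swaps_keys:
        # Each side received the relay's key instead of the peer's.
        return sas(a_pub, m_pub), sas(m_pub, b_pub)
    return sas(a_pub, b_pub), sas(a_pub, b_pub)
```

When the two sides saw different public values, the words they read to each other differ, which is the signal not to trust the key.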

