[Security] About the Firefox 3 Security Dialog & others
ekr at rtfm.com
Fri Aug 22 17:23:51 CDT 2008
On Fri, Aug 22, 2008 at 3:12 PM, Pedro Melo <melo at simplicidade.org> wrote:
> Hi again,
> On Aug 22, 2008, at 10:58 PM, Pedro Melo wrote:
>> On Aug 22, 2008, at 9:16 PM, Jonathan Schleifer wrote:
>>> Am 22.08.2008 um 22:00 schrieb Pedro Melo:
>>>> SAS, I meant SAS.
>>> Just to be sure: What's the exact difference between SRP and SAS? I only
>>> had a short look at SRP and it seemed pretty similar.
>> The references I found:
>> * SAS:
> A better reference for SAS, given our context of TLS, is this:
> After doing the protocol you end up with a (minimal) 20-bit SAS string.
> They recommend (section 5.2.1 Representing the SAS) that we use a base32
> representation. I personally prefer to use the mnemonic encoder
> (http://tothink.com/mnemonic/) that gives me a set of three pronounceable
> and distant words.
> Anyway, I prefer SAS because it is simpler than SRP, given that I usually have
> an alternative channel (not necessarily a secure one). SRP usually requires
> physical contact to exchange the secret, and if I'm with the person I want
> to authenticate, I might as well compare the full signature...
In what way is it simpler than SRP? Both require a secure alternative channel
for at least some value of secure.
SAS requires an integrity protected side channel. SRP requires a confidential
and integrity protected side channel, though the confidentiality window can
be made arbitrarily short by doing the password exchange right before the
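A small worked example of the 20-bit SAS and its base32 rendering that Pedro describes, added here and not part of the thread or of the documents it cites. It hashes a constructed stand-in for the handshake transcript, keeps the leading 20 bits and renders them as four characters of the z-base-32 alphabet (an assumption: the thread does not say which base32 variant the referenced section recommends); the mismatch case stands in for an active attacker sitting on the TLS path:

```python
import hashlib

# z-base-32 alphabet, the one ZRTP uses for its short SAS.  Assumption: the
# thread does not say which base32 variant the referenced section recommends;
# any 32-character alphabet gives the same 5 bits per character.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

SAS_BITS = 20  # the "(minimal) 20-bit" SAS from the thread


def sas_value(transcript: bytes, bits: int = SAS_BITS) -> int:
    """Hash the handshake transcript and keep its leading `bits` bits.

    Assumption: SHA-256 over a byte string standing in for the handshake
    messages.  In a real protocol this would be the key-confirmation hash
    both peers already agree on.
    """
    digest = hashlib.sha256(transcript).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def sas_base32(value: int, bits: int = SAS_BITS) -> str:
    """Render a `bits`-bit integer as base32 text (5 bits per character)."""
    if not 0 <= value < (1 << bits):
        raise ValueError("value does not fit in the SAS width")
    nchars = -(-bits // 5)                 # ceil(bits / 5); 20 bits -> 4 chars
    padded = value << (nchars * 5 - bits)  # left-align a partial last character
    return "".join(ZBASE32[(padded >> (5 * i)) & 31]
                   for i in range(nchars - 1, -1, -1))


def compute_sas(transcript: bytes) -> str:
    """The string each user reads aloud to the other."""
    return sas_base32(sas_value(transcript))


def sas_matches(alice_view: bytes, bob_view: bytes) -> bool:
    """What the two users do out of band: read each other the four characters
    over a channel an attacker may hear but cannot alter, and compare."""
    return compute_sas(alice_view) == compute_sas(bob_view)


def attacker_success_probability(bits: int = SAS_BITS) -> float:
    """An active attacker who cannot steer the hash output must get a matching
    SAS on both legs by luck: one chance in 2**bits per attempt."""
    return 1.0 / (1 << bits)


if __name__ == "__main__":
    # Constructed sample data, not captured traffic.
    honest = b"ClientHello|ServerHello|Certificate|KeyExchange|Finished"
    print("Alice reads:", compute_sas(honest))
    print("Bob reads:  ", compute_sas(honest))
    print("match without attacker:", sas_matches(honest, honest))

    # With a man in the middle, each peer's transcript contains the attacker's
    # own key share for that leg, so the two sides hash different bytes.
    alice_side = honest + b"|mitm_key_to_alice"
    bob_side = honest + b"|mitm_key_to_bob"
    print("Alice reads:", compute_sas(alice_side))
    print("Bob reads:  ", compute_sas(bob_side))
    print("match with attacker:", sas_matches(alice_side, bob_side))
    print("attacker's odds per attempt: 2^-%d = %.2e"
          % (SAS_BITS, attacker_success_probability()))
```

Four characters is all the users have to read to each other, and the side channel only has to keep the attacker from changing what is heard, which is the integrity requirement, not a confidentiality one. The odds are per attempt: a user who shrugs off one mismatch and retries hands the attacker another 2^-20.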