CryptKit 0.9: cryptsock

Bryan bryan at
Mon Dec 3 09:40:52 EST 2001

On Sunday 02 December 2001 09:26 pm, Paul Crowley wrote:

> AMP carries a "proof of security", but I can't follow it, and I spoke
> to an expert in this field who says he's not convinced by it either.
> Furthermore, AMP has a similar problem to SRP, that a sufficiently
> devious fake server can check two passwords with every query.  That
> the proof doesn't rule this out indicates some problems with it.
> It's straightforward to propose a variant on AMP that doesn't have
> this problem, and that variant may be secure, but I'd like to have a
> better way to construct the proof of security for that.
> As far as I can tell from the ResearchIndex URL, that paper hasn't
> been published yet as such.  I think the protocol has great merit and
> I hope it does get published, though I don't see the advantages of the
> "amplification scheme" over simply encrypting the password file with a
> symmetric cipher.
> If I was going to implement something now, I'd certainly use SRP.

Thanks for the input. What are your thoughts about EC-PAK?

Bryan Mongeau
eEvolved Real-Time Technologies Inc.
Public key:

"Eventually software systems will be able to create bold new designs without 
human help. Will most people call such systems intelligent? It doesn't really 
matter." -- K. Eric Drexler

More information about the Python-list mailing list