Send password over TCP connection
Laszlo Zsolt Nagy
gandalf at designaproduct.biz
Tue Oct 11 03:55:07 EDT 2005
Paul Rubin wrote:
>Laszlo Zsolt Nagy <gandalf at designaproduct.biz> writes:
>
>
>>This is a bit offtopic here. I read the RFC and I do not see why SRP
>>is not vulnerable to dictionary attacks.
>>If I have a working client software then I can use it to reveal
>>passwords. Isn't it a dictionary attack?
>>
>>
>
>Dictionary attack in this context means an eavesdropper records a
>session, then compares all the hashed passwords against a word list
>offline. If the attacker is allowed to make unlimited online queries,
>then he can guess at SRP passwords too. But the host should notice
>that and prevent it.
>
>
I see. So the eavesdropper records the random strings and the password
hash value sent.
Having these values, he can try to find a suitable password in his list
that will result in the same communication.
He can do this without having to connect to the server again, just by
replaying the algorithm for a given password
(and the same 'random' strings).
The difference in SRP is that the random strings are private, they will
never be sent over the network.
So they cannot be eavesdropped. Cracking SRP would require to calculate
the dividers of a product of
two very big primes (like in RSA). This is why it is hard to use
dictionary attacks - you cannot replay the
algorithm for a given password.
Thank you, I think I understand now.
Les
More information about the Python-list
mailing list