

Some problems with SQRL - RickHull
http://grymoire.wordpress.com/2013/10/09/the-problem-with-sqrl/

======
cvrajeesh
I don't agree with his point "SQRL:// is a bad idea" because custom scheme is
only for launching the SQRL app nothing else and the data that is passed
through URL will be a random value

------
khulat
I think that basically all concerns that are raised are invalid, because the
person who posted them doesn't understand how SQRL works.

See [https://www.grc.com/sqrl/sqrl.htm](https://www.grc.com/sqrl/sqrl.htm) for
an explanation, which differs drastically from everything that is described in
the post.

------
mtp0101
There's a bit where he implies that if an encryption process doesn't take very
long to execute on a smartphone, then it must be easy to crack the resulting
file on a powerful server. Am I making a mistake here?

~~~
willvarfar
Yes, its confused.

Scrypt can be held up as a very good choice for key stretching.

------
savszymura
I hope these concerns were contributed to GRC's newsgroups.

