
Looking back at my notes, I think my earlier comment was misleading. The offline brute force was due to an insecure random number generator, which allowed an attack against B to recover b (and from there crack the 8-digit code). So, uh, ... I'm wrong on the internet. I think we've talked about this attack before actually :P


Ok, that makes more sense! There are some pretty huge systems that would be very, very broken if the attack you accidentally described was viable. :)

I agree with you that SRP is worth avoiding.



