Regarding the vulnerabilities exposed in SRP, notably the `u` value being calculated as H(A|B), one of the referenced documents (Thomas Wu's Stanford paper) [1] mentions the following:
> Since u is communicated publicly, it is possible to ``piggyback'' it on top of another public value, thus transmitting it implicitly. For example, both sides can compute u as a simple function of B, in which case Steve must wait for Carol to send out A before he sends back B and reveals u.
Assuming A and B are issued from secure RNGs, is the paper recommendation still safe against attacks (assuming the zero-case is handled) ?
> Since u is communicated publicly, it is possible to ``piggyback'' it on top of another public value, thus transmitting it implicitly. For example, both sides can compute u as a simple function of B, in which case Steve must wait for Carol to send out A before he sends back B and reveals u.
Assuming A and B are issued from secure RNGs, is the paper recommendation still safe against attacks (assuming the zero-case is handled) ?
[1] http://srp.stanford.edu/ndss.html#SECTION0003240000000000000...