| |||||||||||||
Martin: Off the Record Messaging: A TutorialMartin: Off the Record Messaging: A TutorialPosted Jul 31, 2012 6:12 UTC (Tue) by slashdot (guest, #22014)Parent article: Martin: Off the Record Messaging: A Tutorial
How does SMP compare to http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol, which appears to be a more common way of doing the same thing?
(Log in to post comments)
SMP vs. SRP Posted Jul 31, 2012 6:44 UTC (Tue) by idupree (subscriber, #71169) [Link]
As I understand it, SRP is an asymmetric protocol, useful for e.g. a client signing up on a website with a password the server will never know, so that the server can verify later that it's the same password as before without actually knowing what the password is.
SMP is symmetric and works only if both parties already know the secret (that's its purpose).
Do you see an obvious way to emulate SMP with SRP? (I haven't seen one.)
SMP vs. SRP Posted Jul 31, 2012 12:42 UTC (Tue) by Otus (guest, #67685) [Link]
> Do you see an obvious way to emulate SMP with SRP?
SRP requires setup, so I don't think everything you can do with SMP is possible with it.
Martin: Off the Record Messaging: A Tutorial Posted Jul 31, 2012 14:00 UTC (Tue) by erwbgy (subscriber, #4104) [Link] In brief, SRP is a protocol for authenticating a client using a username and password (or equivalent) and negotiating a session key for integrity and/or confidentiality protection of the subsequent session. So, it is like SSL but uses passwords instead of public-key certificates and doesn't require a trusted third party. OTR is similar in that it also uses a shared secret and has perfect forward secrecy. It is different in that there is the concept of deniable authentication where it is not possible for outsiders to tell the difference between real and fake messages and it can use the socialist millionaire protocol for authentication, as mentioned above. So OTR is designed for a different use case.
|
|||||||||||||