Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
SMP vs. SRP
Posted Jul 31, 2012 6:44 UTC (Tue) by idupree (subscriber, #71169)
SMP is symmetric and works only if both parties already know the secret (that's its purpose).
Do you see an obvious way to emulate SMP with SRP? (I haven't seen one.)
Posted Jul 31, 2012 12:42 UTC (Tue) by Otus (guest, #67685)
SRP requires setup, so I don't think everything you can do with SMP is possible with it.
Martin: Off the Record Messaging: A Tutorial
Posted Jul 31, 2012 14:00 UTC (Tue) by erwbgy (subscriber, #4104)
In brief, SRP is a protocol for authenticating a client using a username and password (or equivalent) and negotiating a session key for integrity and/or confidentiality protection of the subsequent session. So, it is like SSL but uses passwords instead of public-key certificates and doesn't require a trusted third party.
OTR is similar in that it also uses a shared secret and has perfect forward secrecy. It is different in that there is the concept of deniable authentication where it is not possible for outsiders to tell the difference between real and fake messages and it can use the socialist millionaire protocol for authentication, as mentioned above. So OTR is designed for a different use case.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds