Authentication that is not susceptible to dictionary attack
Sam Hartman
hartmans at MIT.EDU
Wed Jun 4 13:35:10 EDT 2003
There is standards activity discussion of various approaches to
dictionary attacks going on within the Kerberos working group of the
IETF. I suggest you look there for more details.
SRP has been discussed. It is unlikely to receive support within the
standards community because of patent problems. The licensing on the
SRP patent itself seems OK, but there may be other patents that cover
the technology.
Someone may write an informational draft covering SRP. MIT has not
taken a position on whether we would accept patches implementing such
a draft.
More information about the krbdev
mailing list