
keygen tag

From: Vlad Avdeev <vavdeev@gmail.com>
Date: Sat, 12 Dec 2009 05:23:45 +0100
Message-ID: <c9c0044e0912112023i3e0677e7w6a2b8b34d441d487@mail.gmail.com>
To: public-html-comments@w3.org
RSA is useless for the Web. An eavesdropper acquires the server public key,
the client public key and the encrypted password, takes a dictionary of
passwords, encrypts every possible password and compares the result. There
is only one encryption needed to check one password from a dictionary, or
30^6 checks to test all up to 6 character passwords.
There is RFC 2945 - The SRP Authentication and Key Exchange System.
http://en.wikipedia.org/wiki/Secure_remote_password_protocol

RSA encryption will give a false sense of security to web programmers.
Received on Saturday, 12 December 2009 14:14:34 GMT
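
The encrypt-and-compare check described in the message depends on encryption being deterministic. The following added example (not part of the original message) runs that check against unpadded RSA and against a variant that mixes a fresh nonce into every plaintext; the toy key, the nonce scheme (a simplified stand-in for a real randomized padding such as OAEP) and all function names are assumptions made for illustration.

```python
import secrets

# Constructed toy key for illustration only (far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537   # two Mersenne primes, common exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
NONCE_LEN = 8

def encrypt_raw(password: str) -> int:
    """Unpadded RSA: the same password always yields the same ciphertext."""
    return pow(int.from_bytes(password.encode(), "big"), E, N)

def encrypt_randomized(password: str) -> int:
    """Mix a fresh nonce into every plaintext (simplified stand-in for OAEP)."""
    block = b"\x01" + secrets.token_bytes(NONCE_LEN) + password.encode()
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("password too long for this toy modulus")
    return pow(m, E, N)

def decrypt_randomized(ciphertext: int) -> str:
    """Legitimate receiver: decrypt, then drop the marker byte and nonce."""
    m = pow(ciphertext, D, N)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return block[1 + NONCE_LEN:].decode()

def confirmed_guesses(observed: int, encrypt, candidates) -> list:
    """Candidates whose own encryption equals the observed ciphertext."""
    return [c for c in candidates if encrypt(c) == observed]

# Constructed sample data.
CANDIDATES = ["123456", "qwerty", "secret", "letmein"]

if __name__ == "__main__":
    # Deterministic encryption: the matching candidate is confirmed.
    print(confirmed_guesses(encrypt_raw("secret"), encrypt_raw, CANDIDATES))
    # Randomized encryption: re-encrypting a candidate never reproduces
    # the observed ciphertext, so the comparison confirms nothing.
    print(confirmed_guesses(encrypt_randomized("secret"),
                            encrypt_randomized, CANDIDATES))
```

Running `confirmed_guesses` against your own encryption routine with a known plaintext is a quick determinism check: any non-empty result means ciphertexts of low-entropy values can be confirmed offline.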
