RSA is useless for the Web. An eavesdropper acquires the server public key, the client public key and the encrypted password, takes a dictionary of passwords, encrypts every possible password and compares the result. Only one encryption is needed to check one password from a dictionary, or 30^6 checks to test all passwords of up to 6 characters.

There is RFC 2945 - The SRP Authentication and Key Exchange System. http://en.wikipedia.org/wiki/Secure_remote_password_protocol

RSA encryption will give a false sense of security to web programmers.

Received on Saturday, 12 December 2009 14:14:34 GMT
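The comparison described in the message above depends on the encryption being deterministic. As an added example (not part of the original post), this Python sketch tests that property with a constructed toy RSA key and a constructed candidate list, and contrasts it with a hypothetical random-prefix encoding that stands in for a randomized padding scheme; all names and values are assumptions.

```python
import secrets

# Constructed toy key from two Mersenne primes (2^31-1, 2^61-1); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, used only for the round-trip check

CANDIDATES = ["123456", "qwerty", "secret", "letme1"]   # constructed sample list


def encrypt_raw(password: str) -> int:
    """Unpadded RSA: the same password always yields the same ciphertext."""
    return pow(int.from_bytes(password.encode(), "big"), E, N)


def encrypt_randomized(password: str) -> int:
    """Hypothetical encoding: 0x01 marker + 4 fresh random bytes + password.
    Illustrative stand-in for randomized padding; this is not OAEP."""
    block = b"\x01" + secrets.token_bytes(4) + password.encode()
    return pow(int.from_bytes(block, "big"), E, N)


def decrypt_randomized(ciphertext: int) -> str:
    """Invert encrypt_randomized: drop the marker and the 4 random bytes."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[5:].decode()


def is_deterministic(encrypt, sample: str = "probe", trials: int = 8) -> bool:
    """True if repeated encryption of one value always gives one ciphertext."""
    return len({encrypt(sample) for _ in range(trials)}) == 1


def confirmable_guesses(encrypt, observed: int, candidates) -> list:
    """Candidates whose fresh encryption equals the observed ciphertext."""
    return [c for c in candidates if encrypt(c) == observed]


if __name__ == "__main__":
    for name, enc in (("raw", encrypt_raw), ("randomized", encrypt_randomized)):
        observed = enc("secret")
        print(name, "deterministic:", is_deterministic(enc),
              "confirmed:", confirmable_guesses(enc, observed, CANDIDATES))
```

With a deterministic scheme the observed ciphertext acts like an unsalted hash of the password, which is the property the message objects to.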