keygen tag

From: Vlad Avdeev <vavdeev@gmail.com>
Date: Sat, 12 Dec 2009 05:23:45 +0100
Message-ID: <c9c0044e0912112023i3e0677e7w6a2b8b34d441d487@mail.gmail.com>
To: public-html-comments@w3.org
RSA is useless for the Web. An eavesdropper acquires the server public key, the
client public key and the encrypted password, takes a dictionary of passwords,
encrypts every possible password and compares the result. There is only one
encryption needed to check one password from a dictionary, or 30^6 checks to
test all passwords of up to 6 characters.
There is RFC 2945 - The SRP Authentication and Key Exchange System.

RSA encryption will give a false sense of security to web programmers.
Received on Saturday, 12 December 2009 14:14:34 UTC
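
The comparison described in the message works when the RSA encryption is deterministic (unpadded). The sketch below is an added example, not part of the original message: it uses a constructed toy key and wordlist, all function names are hypothetical, and the random-prefix padding is a simplified stand-in for a randomized scheme such as OAEP.

```python
import secrets

# Constructed toy key: product of the Mersenne primes 2^31-1 and 2^61-1.
# Far too small for real use; it only keeps the arithmetic fast.
N = (2**31 - 1) * (2**61 - 1)
E = 65537
NONCE_LEN = 5  # assumption: random bytes prepended by the toy padding

# Constructed sample wordlist, at most 6 characters each as in the message.
WORDLIST = ["123456", "qwerty", "abc123", "hunter", "monkey"]


def encrypt_deterministic(password: str) -> int:
    """Unpadded RSA: the same password always gives the same ciphertext."""
    m = int.from_bytes(password.encode(), "big")
    return pow(m, E, N)


def encrypt_randomized(password: str) -> int:
    """RSA over a fresh random prefix plus the password (toy padding)."""
    padded = secrets.token_bytes(NONCE_LEN) + password.encode()
    return pow(int.from_bytes(padded, "big"), E, N)


def confirmed_guesses(observed: int, guesses, encrypt) -> list:
    """Return the guesses whose re-encryption equals the observed ciphertext."""
    return [g for g in guesses if encrypt(g) == observed]


if __name__ == "__main__":
    for name, enc in [("deterministic", encrypt_deterministic),
                      ("randomized", encrypt_randomized)]:
        observed = enc("hunter")  # what the eavesdropper in the message sees
        print(name, "->", confirmed_guesses(observed, WORDLIST, enc))
```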