SRP verifier strength
Tom Holroyd
tomh at po.crl.go.jp
Wed Apr 4 14:34:24 EST 2001
On Tue, 3 Apr 2001, Tom Holroyd wrote:
> Measurement of SRP verifier strength against an offline dictionary attack.
>
> +------+----------+------+
> | bits | avg_wps | n |
> +------+----------+------+
> | 512 | 2123.036 | 40 |
> | 640 | 1588.509 | 40 |
> | 768 | 1381.072 | 80 |
> | 1024 | 1015.222 | 80 |
> | 1026 | 947.602 | 1680 |
> | 1280 | 742.186 | 40 | md5crypt level
> | 1536 | 576.117 | 40 |
> | 2048 | 368.924 | 40 |
> | 2049 | 357.929 | 1040 |
> +------+----------+------+
Another datapoint (measured the same way as before):
+------+----------+------+
| 4096 | 111.387 | 10 |
+------+----------+------+
~90 blowfish level
> For these rates, doubling the size of the prime increases the time to do
> the dictionary search by an average factor of approximately 2.5.
It's apparent that this isn't exactly a power law, but the regression line
now stands at about 2.6 (closer to 3 for just the large primes), and SRP
with a 4096 bit prime is getting close to the level of OpenBSD Blowfish
hashes. It's not slow enough to be noticable on this machine, either,
when used for authentication. You still shouldn't set your passphrase to
"green" though. :-)
Dr. Tom Holroyd
chmod 000 /
More information about the openssh-unix-dev
mailing list