On Wed, Oct 10, 2012 at 4:24 PM, Marko Kreen <markokr@gmail.com> wrote:
> The SCRAM looks good from the quick glance.
SCRAM does have weakness - the info necessary to log in
as client (ClientKey) is exposed during authentication
process.
IOW, the stored auth info can be used to log in as client,
if the attacker can listen on or participate in login process.
The random nonces used during auth do not matter,
what matters is that the target server has same StoredKey
(same password, salt and iter).
It seems this particular attack is avoided by SRP.
This weakness can be seen as feature tho - it can be
used by poolers to "cache" auth info and re-connect
to server later. They need full access to stored keys still.
But it does make it give different security guaratees
depending whether SSL is in use or not.
--
marko
