Re: [HACKERS] Re: Hashing passwords (was Updated TODO list) - Mailing list pgsql-hackers

From Gene Sokolov
Subject Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)
Msg-id 00a901becc6b$0730fad0$0d8cdac3@aktrad.ru
In response to Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)  (Louis Bertrand <louis@bertrandtech.on.ca>)
List pgsql-hackers
I looked it up.
One problem with this protocol, imho, is its extensive use of modular
exponentiation. This operation is heavy. The login procedure would be
CPU-intensive.
Second - the protocol covers secure authentication. Data is sent unencrypted
anyway. I think it is not wise to spend a lot of effort on secure login
without securing the data channel. "Building secure PgSQL" would be an
interesting subject of discussion though.

Gene Sokolov.

From: Mattias Kregert <matti@algonet.se>
> Another nice thing with SRP is that it is a mutual authentication. A
> third party cannot say "hey, I'm the server, please connect to me. Sure,
> your password is correct, start sending queries... INSERT? ok, sure,
> INSERT 1 1782136. go on..." and steal a lot of data... the SRP client
> always knows if it is talking to the real thing. No more third party
> attacks...
> http://srp.stanford.edu/srp/others.html
>
> /* m */
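Both points in this exchange, the number of modular exponentiations a login costs and the mutual authentication that lets the client reject an impostor server, can be seen in one runnable SRP-6a round trip. The following Python is an added example written for this page; it is not code from the thread, from PostgreSQL or from the Stanford SRP project. It assumes SHA-256 as the hash, the 1024-bit group from RFC 5054 (transcribed here and re-checked for primality at run time), simplified M1/M2 proof formulas rather than the exact ones in the SRP paper, and constructed credentials; the per-side exponentiation counters, the function names and the "impostor server" scenario are this example's own.

```python
import hashlib
import hmac
import secrets

# 1024-bit SRP group from RFC 5054, Appendix A, generator g = 2.
# Transcribed here; group_is_safe_prime() re-checks N = 2q + 1 at run time.
N_HEX = (
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3"
)
N = int(N_HEX, 16)
g = 2
NLEN = (N.bit_length() + 7) // 8  # 128 bytes


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenation, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(x: int) -> bytes:
    """Left-pad an integer to the byte length of N, as SRP-6a does."""
    return x.to_bytes(NLEN, "big")


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin (probabilistic), enough to sanity-check a transcribed constant."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_safe_prime() -> bool:
    """SRP's security argument needs N to be a safe prime: N = 2q + 1 with q prime."""
    return is_probable_prime(N) and is_probable_prime((N - 1) // 2)


def private_key(username: str, password: str, salt: bytes) -> int:
    """x = H(salt, H(username:password)); only the client ever computes this at login."""
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def make_verifier(username: str, password: str, salt: bytes = b""):
    """Enrollment (done once, not per login): the server stores (salt, v = g^x), never the password."""
    salt = salt or secrets.token_bytes(16)
    return salt, pow(g, private_key(username, password, salt), N)


def srp_exchange(username: str, password: str, salt: bytes, v: int) -> dict:
    """One SRP-6a login: the client holds the password, the server holds only v.
    Returns both sides' verdicts and how many modular exponentiations each performed."""
    exps = {"client": 0, "server": 0}

    def modexp(side: str, base: int, exp: int) -> int:
        exps[side] += 1
        return pow(base, exp, N)

    k = H(pad(N), pad(g))
    a = secrets.randbits(256)
    A = modexp("client", g, a)                       # Client -> Server: username, A = g^a
    b = secrets.randbits(256)
    B = (k * v + modexp("server", g, b)) % N         # Server -> Client: salt, B = k*v + g^b
    u = H(pad(A), pad(B))
    x = private_key(username, password, salt)
    # Client: S = (B - k*g^x)^(a + u*x)   Server: S = (A * v^u)^b   (equal iff v = g^x)
    S_client = modexp("client", (B - k * modexp("client", g, x)) % N, a + u * x)
    S_server = modexp("server", (A * modexp("server", v, u)) % N, b)
    K_client = hashlib.sha256(pad(S_client)).digest()
    K_server = hashlib.sha256(pad(S_server)).digest()
    # Client -> Server: M1 proves the client derived K; the server checks with its own K.
    M1 = hashlib.sha256(pad(A) + pad(B) + K_client).digest()
    M1_expected = hashlib.sha256(pad(A) + pad(B) + K_server).digest()
    # Server -> Client: M2 proves the server derived the same K, i.e. it really holds v.
    M2 = hashlib.sha256(pad(A) + M1 + K_server).digest()
    M2_expected = hashlib.sha256(pad(A) + M1 + K_client).digest()
    return {
        "server_accepts_client": hmac.compare_digest(M1, M1_expected),
        "client_accepts_server": hmac.compare_digest(M2, M2_expected),
        "client_modexps": exps["client"],
        "server_modexps": exps["server"],
    }


if __name__ == "__main__":
    salt, v = make_verifier("alice", "correct horse battery")  # constructed credentials
    print(srp_exchange("alice", "correct horse battery", salt, v))
    # An impostor server that does not hold the real verifier (here: one derived from a
    # wrong password guess) produces an M2 the client rejects.
    _, v_fake = make_verifier("alice", "wrong guess", salt)
    print(srp_exchange("alice", "correct horse battery", salt, v_fake))
```

Each side performs three modular exponentiations per login with a 1024-bit modulus (the client's `g^x` could be cached across logins, the rest cannot), which is the cost being weighed against a hash-based scheme. The second run shows the mutual-authentication property: a party that does not hold the stored verifier derives a different `K`, so its `M2` fails the client's check and no queries are sent. It also shows the limit of the protocol on its own: the shared `K` only protects the data channel if the connection goes on to encrypt with it.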
