
Let's assume that the attacker knows the verifier, so now he can carry out a MitM attack.

1) Client sends A to Server

2) MITM takes it and sends B to client

While the MITM knows the verifier, he can also compute the secret key. So every message from the client encrypted with that key is not safe. How can that be dealt with?

If you don't know what A and B are, please take a look at the documentation.

Tony
  • I think you may be better off asking this over on [crypto](http://crypto.stackexchange.com/). **Edit:** whoops, looks like [you did](http://crypto.stackexchange.com/questions/44708/why-srp-is-considered-to-be-resistant-to-mitm-attack). – MiaoHatola Mar 14 '17 at 19:17
  • I'm voting to close this question as off-topic because it is a [cross post](http://crypto.stackexchange.com/questions/44708/why-is-srp-considered-to-be-resistant-to-mitm-attack) that fits better on Cryptography. – Anders Mar 15 '17 at 12:55
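
The exchange the question describes, as an added example that is not part of the original post or of the documentation it refers to: both sides' key computations, assuming the SRP-6a formulas, showing that the server-side key is derived from the verifier alone while the client side needs the password itself. The toy group, the hash encoding and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters (assumption): a Mersenne prime and a small base, chosen so the
# example is self-contained. This is not one of the standardised SRP groups.
N = 2**521 - 1
g = 3

def H(*parts) -> int:
    """SHA-256 over length-prefixed integers/bytes, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def make_verifier(salt: bytes, password: bytes) -> int:
    """v = g^x mod N, the only password-derived value the server stores."""
    return pow(g, H(salt, password), N)

def client_hello():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)                      # A = g^a

def server_hello(v: int):
    b = secrets.randbelow(N - 2) + 1
    return b, (k * v + pow(g, b, N)) % N        # B = k*v + g^b

def client_key(salt: bytes, password: bytes, a: int, A: int, B: int) -> int:
    x = H(salt, password)                       # needs the password, not just v
    u = H(A, B)
    return pow((B - k * pow(g, x, N)) % N, a + u * x, N)

def server_key(v: int, b: int, A: int, B: int) -> int:
    u = H(A, B)                                 # uses only v, b and public values
    return pow(A * pow(v, u, N) % N, b, N)

def run(stored_password: bytes, typed_password: bytes):
    """One handshake; returns (client's key, server's key)."""
    salt = b"constructed-salt"                  # constructed sample value
    v = make_verifier(salt, stored_password)
    a, A = client_hello()
    b, B = server_hello(v)
    return client_key(salt, typed_password, a, A, B), server_key(v, b, A, B)
```

Because `server_key` takes nothing secret except `v` and `b`, the verifier has to be stored and protected as a secret in its own right, while a client-side computation with the wrong password ends in a different key.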
