mirror of https://github.com/danog/fast-srp.git synced 2024-11-30 04:19:18 +01:00

Prettifying!

Zarmack Tanen 2015-09-07 16:01:38 +02:00
parent fd975f9e42
commit 7fe7982d22

@ -11,6 +11,7 @@ their shortcomings.
The following is a description of SRP-6 and 6a, the latest versions of SRP: The following is a description of SRP-6 and 6a, the latest versions of SRP:
```
N A large safe prime (N = 2q+1, where q is prime) N A large safe prime (N = 2q+1, where q is prime)
All arithmetic is done modulo N. All arithmetic is done modulo N.
g A generator modulo N g A generator modulo N
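Review bot: The opening fence added before "N A large safe prime" carries no info string, so a renderer is free to guess a highlighting language for notation that is full of `^`, `+` and `=`. Tagging the fence as text (or plain) keeps the SRP variable table rendered verbatim, and the same tag would apply to every fence this commit adds.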
@ -25,17 +26,20 @@ The following is a description of SRP-6 and 6a, the latest versions of SRP:
A,B Public ephemeral values A,B Public ephemeral values
x Private key (derived from p and s) x Private key (derived from p and s)
v Password verifier v Password verifier
```
The host stores passwords using the following formula: The host stores passwords using the following formula:
```
x = H(s, p) (s is chosen randomly) x = H(s, p) (s is chosen randomly)
v = g^x (computes password verifier) v = g^x (computes password verifier)
```
The host then keeps {I, s, v} in its password database. The host then keeps {I, s, v} in its password database.
The authentication protocol itself goes as follows: The authentication protocol itself goes as follows:
```
User -> Host: I, A = g^a (identifies self, a = random number) User -> Host: I, A = g^a (identifies self, a = random number)
Host -> User: s, B = kv + g^b (sends salt, b = random number) Host -> User: s, B = kv + g^b (sends salt, b = random number)
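Review bot: The prose line "The host then keeps {I, s, v} in its password database." is left as plain text between two newly fenced blocks, so the stored tuple is formatted differently from the formulas that define it. Wrapping it as `{I, s, v}` would match the fenced `x = H(s, p)` and `v = g^x` lines above it and make it obvious which values the host persists.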
@ -47,16 +51,16 @@ Host -> User: s, B = kv + g^b (sends salt, b = random number)
Host: S = (Av^u) ^ b (computes session key) Host: S = (Av^u) ^ b (computes session key)
Host: K = H(S) Host: K = H(S)
```
Now the two parties have a shared, strong session key K. To complete Now the two parties have a shared, strong session key K. To complete
authentication, they need to prove to each other that their keys match. authentication, they need to prove to each other that their keys match.
One possible way: One possible way:
```
User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K) User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
Host -> User: H(A, M, K) Host -> User: H(A, M, K)
```
The two parties also employ the following safeguards: The two parties also employ the following safeguards:
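Review bot: The header reads -47,16 +51,16, yet three fence lines are added in this hunk (after "Host: K = H(S)", after "One possible way:" and after "Host -> User: H(A, M, K)"), so three existing lines were dropped to keep the count equal, unlike the previous hunk, which grows from 17 to 20 lines. If those were the blank lines separating prose from the formulas, the fences now sit directly against the paragraphs. I would keep the blank lines around each fence so all blocks are spaced the same way, and check the rendered README to confirm the key-proof exchange `M = H(H(N) xor H(g), H(I), s, A, B, K)` still displays as a block.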