I trying to use SRP algorithm but I have some questions:
Is that a good choice to use for registration and authorization SRP algorithm with SSL/TLS? And for all other transmission using just SSL/TLS? I will use C# Sockets for implementation.
How to generate g, k, N? Is it safe to use these like app constants?
Is that SRP algorithm right?
//M-modulus, g-generator, k-multiplier, I-username, p-password, s-salt, v-pass verifier
Registration:
Client: s = randomString(); x = Hash(s, p); v = g^x %N;
sendToServer(I, s, v);
Server: save(I, s, v);
Authorization:
Client: a = random(); A = g^a %N;
sendToServer(I, A);
Server: if(A != 0) { b=random(); B = k*v + g^b %N;}
sendToClient(B, s);
u = Hash(A, B);
if(u == 0) abortConnection();
Client: if(B == 0) abortConnection();
u = Hash(A, B);
if(u == 0) abortConnection();
x = Hash(s, p);
S = ((B - k*(g^x %N)) ^ (a + u*x)) %N;
K = Hash(S);
Mc = Hash( Hash(N) XOR Hash(g), Hash(I), s, A, B, K);
sendToServer(M);
Server: S = ((A*(v^u %N)) ^ B) %N; K = Hash(S);
Ms = Hash( Hash(N) XOR Hash(g), Hash(I), s, A, B, K);
if(Mc == Ms) {Rs = Hash(A, M, K); sendToClient(Rs);}
Client: Rc = Hash(A, M, K);
if(Rc == Rs) ALL_OK();
-
For most applications I wouldn't bother with SRP. Put your effort into correctly validating the server's certificate/public key, and then simply send the password in plain over TLS.CodesInChaos– CodesInChaos2015年02月15日 17:27:13 +00:00Commented Feb 15, 2015 at 17:27
-
@CodesInChaos so you think that correctly configured TLS will be enough?konstantin_doncov– konstantin_doncov2015年02月15日 17:32:53 +00:00Commented Feb 15, 2015 at 17:32
-
1This was also posted on it security. Please don't post to multiple sites.mikeazo– mikeazo2015年02月16日 11:37:01 +00:00Commented Feb 16, 2015 at 11:37
-
@mikeazo Ok, sorry! I will.konstantin_doncov– konstantin_doncov2015年02月16日 23:04:26 +00:00Commented Feb 16, 2015 at 23:04
2 Answers 2
I would be very careful when implementing any security protocol on your own. It is very hard to get it right and most often by implementing complex secure protocol you actually compromise the security of the system if you don't get it right (e.g. wrong memory management, vulnerabilities to timing attacks, etc).
The general advise is to use audited, trusted (open-source) and maintained library to do crypto stuff. These libraries usually offer better performance as well, as they use specialized HW cryptography instructions (e.g. AES is supported very well in modern hardware, making it fast and not vulnerable to timing attacks).
So in the light of my answer, have a look at the library http://bouncycastle.org/ which should provide implementation of the SRP protocol.
Moreover, you should really consider the use case. Are you developing super secure mail server for millions of users, or do you just want to secure your home server with holiday photos? In the first case it is probably worth having very robust and secure system with state-of-art security algorithms. In the latter case, it isn't - good password and SSL will do :-).
2 Comments
OpenSSL has TLS-SRP.
For the values you are looking for, read RFC 5054.
- N, g, and k do not need to be secret.
- Poorly chosen N and g can compromise the security of the cryptographic calculations, so you should either know what you're doing, or pick the values recommended in the RFC.
- k, is calculated from N and g, so once you pick those, you can get k.
If you are interested in implementing the details of SRP, Google has code available in C - Google csrp code.
Comments
Explore related questions
See similar questions with these tags.