Toy implementation of SRP login flow
2021-07-17 13:52:40 +02:00
.gitignore Initial commit 2021-07-17 11:16:47 +00:00
client.py add a bit of documentation 2021-07-17 13:52:40 +02:00
README.md small explanation of the flow 2021-07-17 13:37:21 +02:00
README.md.backup small explanation of the flow 2021-07-17 13:37:21 +02:00
server.py add a bit of documentation 2021-07-17 13:52:40 +02:00

SRP-toy

Toy implementation of the SRP login flow; do not use it in any form of production.

The username, password, salt, and SRP group are hardcoded here. As is visible from the source, the password is only present in client.py; the server never learns the password.

To test this, run server.py and client.py in separate processes. The client first prints the verifier, generated from the username and password. The verifier is needed for registration, but this toy assumes registration has already happened: the verifier is hardcoded in server.py. The printed verifier can be used to check that it is indeed the same as the one on the server side (or, if you wish to play around and change the username, salt, and/or password, the verifier on the server side can be replaced with the printed one).

To go through the flow:

1. Run server.py and copy the value it prints for B.
2. Run client.py and paste in the copied value for B. The client then prints its value for A and the proof message M1.
3. Paste A on the server side first, then paste M1.
4. The server responds with a successful (or failed) login and M2. Copy M2 to the client side, which uses it to authenticate the server to the client.
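The exchange described above (B, then A and M1, then M2), as an added worked example that is not the repository's client.py or server.py: both sides of an SRP-6a login run in one process, using SHA-256, the 1024-bit group from RFC 5054, and the simplified proofs M1 = H(A, B, K) and M2 = H(A, M1, K). The group, hash and proof format are assumptions; the repository's hardcoded values may differ.

```python
import hashlib, hmac, os

N = int(  # 1024-bit safe prime from RFC 5054 (transcribed here; verify against the RFC)
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g, NLEN = 2, (N.bit_length() + 7) // 8  # values are padded to NLEN bytes before hashing

def sha(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()
def pad(n: int) -> bytes:
    return n.to_bytes(NLEN, "big")
def hint(*parts: bytes) -> int:  # hash straight to an integer
    return int.from_bytes(sha(*parts), "big")
k = hint(pad(N), pad(g))  # SRP-6a multiplier

def private_x(username: str, password: str, salt: bytes) -> int:
    return hint(salt, sha(f"{username}:{password}".encode()))
def make_verifier(username: str, password: str, salt: bytes) -> int:
    return pow(g, private_x(username, password, salt), N)  # all the server ever stores

def server_challenge(v: int):  # step 1: B = k*v + g^b, the value server.py prints
    b = int.from_bytes(os.urandom(32), "big")
    return b, (k * v + pow(g, b, N)) % N

def client_respond(username: str, password: str, salt: bytes, B: int):  # step 2: A, M1
    if B % N == 0:
        raise ValueError("server sent B == 0 mod N")
    a, x = int.from_bytes(os.urandom(32), "big"), private_x(username, password, salt)
    A = pow(g, a, N)
    u = hint(pad(A), pad(B))
    K = sha(pad(pow((B - k * pow(g, x, N)) % N, a + u * x, N)))  # session key
    return A, sha(pad(A), pad(B), K), K

def server_verify(v: int, b: int, B: int, A: int, M1: bytes):  # step 3: M2, or None
    if A % N == 0:
        raise ValueError("client sent A == 0 mod N")
    u = hint(pad(A), pad(B))
    K = sha(pad(pow(A * pow(v, u, N), b, N)))  # equals the client's K only if x matches v
    if not hmac.compare_digest(M1, sha(pad(A), pad(B), K)):
        return None  # wrong password: login fails and no M2 is sent
    return sha(pad(A), M1, K)

def client_check(A: int, M1: bytes, K: bytes, M2: bytes) -> bool:  # step 4
    return hmac.compare_digest(M2, sha(pad(A), M1, K))

def run_login(username: str, password: str, salt: bytes, v: int) -> bool:
    b, B = server_challenge(v)                              # server -> client: B
    A, M1, K = client_respond(username, password, salt, B)  # client -> server: A, M1
    M2 = server_verify(v, b, B, A, M1)                      # server -> client: M2
    return M2 is not None and client_check(A, M1, K, M2)
```

`make_verifier` is the registration step the README says has already happened; `run_login` plays the copy-paste exchange between the two terminals in one call.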