For a new website (HTTPS with HSTS+HPKP), we would like to restrict login access to authorized users' devices only. For that, a WebCrypto ECDSA public/private key pair is generated on each new device. The server stores the public key of the new device and returns a device ID. The browser saves the private key (not extractable) and the device ID in an IndexedDB named "device".
When the user registers his account or wants to authorize a new device, we ask him for a password for this device, but we don't want to save his password in the server database.
- We could use the SRP protocol and send the salt and "verifier" to the server, but rather than using the user password directly, we use a derived password (WebCrypto PBKDF2 or an Argon2 library).
- Or we could use WebCrypto again to create a new ECDSA key pair, specific to this user on this device, and send the public key to the server. On the browser, we store this user private key in an IndexedDB named "base64(SHA-256(login))", but encrypted (wrapKey function) with the AES-GCM algorithm, and for the key we use the user password derivation (WebCrypto PBKDF2 or the external Argon2 library). Then, to log in, the server sends a challenge (a simple random string) and the client returns the signature of this challenge with this new user-specific private key (so he needs to know the right password to unwrap the key).
If our database is leaked:
- With SRP, the verifier doesn't make it easy to guess the user password, but I suppose we need to ask all our users for a new password.
- With WebCrypto, it's only a public key. Users don't need to change their password. EDIT: A downside is that it's possible to do multiple password checks on the client side; for example, if I know my victim, I could try maybe 1000 possible passwords in the JS console to unwrap the user private key, without needing to contact the server.
Of course, if the IndexedDBs are deleted in the browser, this requires the user to start a process to recover his account (secret question, OTP by email, whatever... it's not the subject), but this is not specific to the WebCrypto option; it also happens with the SRP option, because we need to detect the device ID and check its signature to be sure it's a device authorized by the user.
Just for information, we also add U2F after this first authentication challenge.
In my specific case, do you recommend using the SRP challenge or this WebCrypto challenge, please?