Secure Remote Password (SRP) in simple terms

I am currently working on a project which involves authenticating users securely. I've been reading about SRP a lot, and still haven't managed to get my head around the core concepts. I would be grateful if you could explain the idea, and implementation of SRP in layman's terms.

Note: Please don't post links to websites about SRP, as I'm sure I've googled and read most of them; unless it's a paper explaining SRP in a lucid language.

asked on January 9, '11 at 11:01

1 Answer

Start with both parties already having agreed a password.

In the first part of the protocol, both sides generate a random number and use some neat maths involving that and the password to agree a randomised shared secret. This is done in such a way that it's different every time (even though the password is the same), nobody listening on the wire can determine the shared secret, and it only works if both sides know the password. (The maths involved is based on the discrete logarithm problem, closely related to Diffie-Hellman.)

The parties then go on to prove to each other that they have both agreed the same shared secret (i.e. they both know the password), again without disclosing it to anybody listening. This takes more (different) neat maths.

Provided both sides are satisfied that they have the same shared secret, they can then derive session keys from it and start communicating under their choice of cipher.

answered on January 10, '11 at 03:01

so, do they store the agreed "password" somewhere? Can the password be compromised? - Anup

The server stores only a block of data derived from the password. The mechanisms used mean that it is not possible to determine the password from the data block, nor can the data block be used as if it was the password. - loco

So is this effectively equivalent (from a black box perspective) to me using a KDF to generate a public-private key pair, giving the public half to the server, then using standard public key authentication to authenticate future connections? - Ajedi32

@Ajedi32: If you're referring to how passwords are stored then yes, I'd say that's a reasonable way to think about it. The difficulty in dealing with passwords is how you avoid sending the password in plaintext on the wire, and that's one of the driving forces behind SRP. - loco
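The exchange described in the answer and comments, written out with SRP-6a style equations as an added example (not code from the original post or from any SRP library). The group `N, g` is a constructed toy value, the hash inputs and the proof messages `M1`/`M2` are simplified, and the names `register` and `login` are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy group: 2**127 - 1 is prime, but far too small and not a safe
# prime. Real deployments use a large standardised group (e.g. RFC 5054).
N, g = 2**127 - 1, 3

def H(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def register(user, password):
    """Return what the server stores: a salt and a verifier, never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, H(salt, user, password), N)

def login(user, password, record):
    """Run both sides of one exchange; return the session key or None."""
    salt, v = record
    a = secrets.randbits(256)            # client's random number
    A = pow(g, a, N)                     # client -> server
    b = secrets.randbits(256)            # server's random number
    B = (k * v + pow(g, b, N)) % N       # server -> client (with the salt)
    u = H(A, B)
    if A == 0 or B == 0 or u == 0:       # standard sanity checks
        return None
    # Client: recomputes x from the typed password, then the shared secret.
    x = H(salt, user, password)
    K_client = H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))
    # Server: reaches the same secret from the verifier alone.
    K_server = H(pow(A * pow(v, u, N) % N, b, N))
    # Mutual proof (simplified): each side shows it holds K without sending it.
    M1 = H(A, B, K_client)               # client -> server
    if not hmac.compare_digest(str(M1), str(H(A, B, K_server))):
        return None
    M2 = H(A, M1, K_server)              # server -> client
    if not hmac.compare_digest(str(M2), str(H(A, M1, K_client))):
        return None
    return K_client
```

Only `A`, `B`, the salt, `M1` and `M2` cross the wire; typing the stored verifier in place of the password fails because the client side needs `x`, not `g^x`.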
