
Questions about SRP algorithm


I am trying to use the SRP algorithm but I have some questions:

  1. Is it a good choice to use the SRP algorithm with SSL/TLS for registration and authorization, and just SSL/TLS for all other transmission? I will use C# Sockets for the implementation.

  2. How do I generate g, k, N? Is it safe to use these as app constants?

  3. Is this SRP algorithm right?

    // N-modulus, g-generator, k-multiplier, I-username, p-password, s-salt, v-password verifier

    Registration:

    Client: s = randomString(); x = Hash(s, p); v = g^x % N;
    sendToServer(I, s, v);

    Server: save(I, s, v);

    Authorization:

    Client: a = random(); A = g^a % N;
    sendToServer(I, A);

    Server: if(A % N == 0) abortConnection();
    b = random(); B = (k*v + g^b) % N;
    sendToClient(B, s);
    u = Hash(A, B);
    if(u == 0) abortConnection();

    Client: if(B % N == 0) abortConnection();
    u = Hash(A, B);
    if(u == 0) abortConnection();
    x = Hash(s, p);
    S = ((B - k*(g^x % N)) ^ (a + u*x)) % N;
    K = Hash(S);
    Mc = Hash( Hash(N) XOR Hash(g), Hash(I), s, A, B, K);
    sendToServer(Mc);

    Server: S = ((A*(v^u % N)) ^ b) % N; K = Hash(S);   // exponent is the server's private b, not the public B
    Ms = Hash( Hash(N) XOR Hash(g), Hash(I), s, A, B, K);
    if(Mc == Ms) { Rs = Hash(A, Mc, K); sendToClient(Rs); } else abortConnection();

    Client: Rc = Hash(A, Mc, K);
    if(Rc == Rs) ALL_OK();
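The exchange in the pseudocode above, worked through end to end as an added example (not code from the question or the answer): both sides run in one process so the values can be checked, and k is derived as H(N, g) as SRP-6a specifies rather than picked as a constant. The group N is assumed to be the 1024-bit group of RFC 5054 with g = 2 (transcribed here, so verify it against the RFC), and x uses the RFC 5054 form H(s, H(I ":" p)) instead of the Hash(s, p) in the question.

```python
import hashlib, hmac, secrets

# Group parameters are an assumption, not from the page: meant to be the 1024-bit
# group of RFC 5054 with g = 2; check the hex against the RFC before relying on it.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def pad(n):  # big-endian encoding padded to the byte length of N (RFC 5054 PAD)
    return n.to_bytes(NLEN, "big")

def H(*parts):  # SHA-256 over the concatenated byte strings, as an integer
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a: the multiplier is derived from N and g, not chosen

def private_x(I, p, s):  # RFC 5054 form of x; binds the username into the hash
    return H(s, pad(H(I.encode() + b":" + p.encode())))

def register(I, p):  # client-side registration: the server stores only (s, v)
    s = secrets.token_bytes(16)
    return I, s, pow(g, private_x(I, p, s), N)

def login(I, p, db):
    """Both sides of the SRP-6a exchange, run in-process; True on mutual auth."""
    a = secrets.randbelow(N); A = pow(g, a, N)                # client -> server: I, A
    s, v = db[I]
    if A % N == 0: return False                               # server aborts on A == 0
    b = secrets.randbelow(N); B = (k * v + pow(g, b, N)) % N  # server -> client: s, B
    if B % N == 0: return False                               # client aborts on B == 0
    u = H(pad(A), pad(B))
    if u == 0: return False                                   # both sides abort on u == 0
    x = private_x(I, p, s)
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)       # client: (B - k*g^x)^(a + u*x)
    S_s = pow(A * pow(v, u, N), b, N)                         # server: (A*v^u)^b, exponent b not B
    K_c, K_s = H(pad(S_c)), H(pad(S_s))
    def M1(K):
        return H(pad(H(pad(N)) ^ H(pad(g))), pad(H(I.encode())), s, pad(A), pad(B), pad(K))
    Mc, Ms = M1(K_c), M1(K_s)                                 # client -> server: Mc
    if not hmac.compare_digest(pad(Mc), pad(Ms)): return False  # server checks, constant time
    Rs = H(pad(A), pad(Mc), pad(K_s))                         # server -> client: Rs
    return hmac.compare_digest(pad(Rs), pad(H(pad(A), pad(Mc), pad(K_c))))  # client checks

def demo():  # constructed credentials; returns (correct password ok, wrong password ok)
    I, s, v = register("alice", "correct horse battery")
    db = {I: (s, v)}
    return login(I, "correct horse battery", db), login(I, "wrong password", db)
```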


Solution

  • I would be very careful when implementing any security protocol on your own. It is very hard to get it right, and most often by implementing a complex secure protocol you actually compromise the security of the system if you don't get it right (e.g. wrong memory management, vulnerabilities to timing attacks, etc.).

    The general advice is to use an audited, trusted (open-source) and maintained library to do crypto stuff. These libraries usually offer better performance as well, as they use specialized HW cryptography instructions (e.g. AES is supported very well in modern hardware, making it fast and not vulnerable to timing attacks).

    So in the light of my answer, have a look at the library http://bouncycastle.org/ which should provide an implementation of the SRP protocol.

    Moreover, you should really consider the use case. Are you developing a super secure mail server for millions of users, or do you just want to secure your home server with holiday photos? In the first case it is probably worth having a very robust and secure system with state-of-the-art security algorithms. In the latter case, it isn't - a good password and SSL will do :-).