Stack Overflow
Stack Overflow

Questions tagged [srp-protocol]

The Secure Remote Password protocol (SRP) is a password-authenticated key agreement protocol in order to establish an encrypted channel based on a password.

37 questions
2
votes
0 answers

How to setup TLS-SRP protocol on client and WebAPI REST server

I would like to use the TLS-SRP protocol to secure the communication between a mobile app client and a WebAPI REST server. My primary reason is to avoid using self-signed certificate stored on the device or hardcoded for security reason (breach,…
gfache
  • 606
  • 6
  • 15
2
votes
1 answer

boost::multiprecision::powm differs from BigInteger#modPow in Java

I am trying to reimplement SRP protocol for AWS Cognito in C++ with Boost and looking at Android implementation from Amazon. I faced an issue where powm function with the same argument returns different results in Java and in C++. Below are real…
atlascoder
  • 2,746
  • 3
  • 26
  • 34
2
votes
0 answers

WCF using TLS and Secure Remote Password (SRP)

Secure Remote Password is described in RFC 5054, however I don't see any specific support for this in .NET or WCF. Has anyone come across this where it is baked into the .NET libraries. I realize OpenSSL is an option here but I'm trying to avoid…
Pale Ale
  • 478
  • 7
  • 11
2
votes
0 answers

Secure Remote Password Protocol SRP and Spring Security

I am trying to find more information about spring security implementation (if any) of SRP (Secure remote Password protocol) version 6 and above. Jboss has already implementation of the this…
Tito
  • 2,234
  • 6
  • 31
  • 65
1
vote
0 answers

AWS cognito SRP calculations on JS browser app

I'm a webDev and I need to integrate a login page using AWS cognito User Pools. I can't use the integrated UI so I'm using @aws-sdk/client-cognito-identity-provider. I'm not in a secure server environment and can't keep secrets so I'd like to use…
antoine david
  • 65
  • 5
1
vote
0 answers

Secure Remote Password Issue of hashing in C#

I want to write a function in C# that do the same thing as the function shown here; PHP and Python are both working, but the last one in C# does not work. I do not know what I am doing wrong, I cannot even debug because the hash is always different,…
Emil Emy
  • 11
  • 1
1
vote
2 answers

Is there a way to use GMP libraries in node.js to credentials with SRP6

I search a way to use the equivalent of the following PHP functions in Node.js after searching a while I found nothing working in my case: gmp_init gmp_import gmp_powm gmp_export The idea is to rewrite this php code in js: function…
miorey
  • 828
  • 8
  • 19
1
vote
0 answers

Security protocol between web client and Java server

I'm trying to develop a security layer between a web client (HTML) and a server. Due to technical limitations HTTPS can't be enabled. How can I secure the server so that only requests from trusted sources are processed? I have looked into Nimbus SRP…
Raimundo
  • 605
  • 7
  • 21
1
vote
1 answer

Why dropping leading all zeros byte in a java byte array before hashing

This question is about operations that are being done to the byte arrays before they are being hashed in java. I am trying understand why in multiple srp crypto libraries the leading zero byte (in case there is one) is being dropped before it is…
Tito
  • 2,234
  • 6
  • 31
  • 65
1
vote
1 answer

Example usage of SRP session keys

I'm writing my first login system for a game. Decided on SRP and have successfully implemented that interaction. The client and server have the same session keys now. How do I use them? All the info about it says that it can be used for encrypted…
douggard
  • 692
  • 1
  • 12
  • 29
1
vote
0 answers

how to pass password file to openssl srp

I'm trying to pass password to the openssl srp through a file using -passin param as below but im getting errors. openssl srp -verbose -passin file:password.srpv.attr -srpvfile password.srpv -add -gn 3072 user and I'm getting the following error…
Shankar SM
  • 11
  • 2
1
vote
1 answer

Different Session Keys in SRP6

I am trying to implement SRP6 in Erlang using the crypto module but I cannot get the session keys to match. I am using a 256 bit prime number. When I use a 1024 bit prime number, they match though. I have left out the optional scrambler param in…
Jamie Clinton
  • 286
  • 1
  • 2
  • 9
1
vote
0 answers

different Session Keys in SRP6a

i tried to use implementing of srp6 spr4net (https://code.google.com/p/srp4net/) in my solution. So, i rewrited client side from javascript to C# to my WinForm App. And wondered, that session keys just doesn't match! I tried all day long to work it…
animekun
  • 1,789
  • 4
  • 28
  • 45
0
votes
0 answers

"ERROR NotAuthorizedException: Incorrect username or password" when authenticating with Cognito using AuthFlow: 'USER_SRP_AUTH' in angular

I am implementing in my angular project an authentication with Cognito using SRP(Secure remote password), I am following the documentation of the necessary methods to implement them, as seen below in these…
BRUNO
  • 13
  • 1
0
votes
1 answer

How do I use InitiateAuth command (@aws-sdk/client-cognito-identity-provider) to trigger SRP Authentication followed by CUSTOM_CHALLANGE?

Desired Flow: Begin with Cognito SRP flow to verify user's username and password combination If Username and password are correct, then move to CUSTOM_CHALLENGE Upon completion of CUSTOM_CHALLENGE (OTP verification), then issue token When logging…
blimkt
  • 31
  • 2
1
2
3