def dict_attack():
found = False
for p in pass_list:
v = pow(g, sha256().intdigest(salt + p.encode()), N)
s = pow(pk * pow(v, u, N), b, N)
k = sha256().digest(int2bytes(s))
if sha256().hmac(salt, k).hex() == hmac:
found = True
break
return p if found else None
def main(pk_value): # pk_value can be e.g. 0, N or N**2
pk_value = hex(pk_value)[2:]
if len(pk_value) < 2:
pk_value = '0' + pk_value
url = 'http://localhost:5000/test'
resp = requests.get(url + '?pk=' + pk_value)
pk = int(resp.json()['pk'], 16)
salt = bytes.fromhex(resp.json()['salt'])
key = sha256().digest(b'\x00')
hmac = sha256().hmac(salt, key)
resp = requests.get(url + '?hmac=' + hmac.hex())
print(resp.text)
def session_key(self, salt, pk):
self.salt = salt
u = sha256().intdigest(self.publickey() + int2bytes(pk))
x = sha256().intdigest(salt + P)
s = pow(pk - k * pow(g, x, N), self.priv + u * x, N)
self.key = sha256().digest(int2bytes(s))
def hmac(self):
return sha256().hmac(self.salt, self.key)
def session_key(self, pk):
s = pow(int(pk, 16) * pow(self.v, self.u, N), self.priv, N)
self.key = sha256().digest(int2bytes(s))
def __init__(self):
super().__init__(N, g)
self.salt = getrandbits(128).to_bytes(16, 'big')
self.v = pow(g, sha256().intdigest(self.salt + P), N)
self.u = getrandbits(128)
def __init__(self):
super().__init__(N, g)
self.salt = getrandbits(128).to_bytes(16, 'big')
# This is what's stored server-side instead of the actual password:
self.v = pow(g, sha256().intdigest(self.salt + P), N)
self.key = None
def session_key(self, pk):
u = sha256().intdigest(bytes.fromhex(pk) + self.publickey())
s = pow(int(pk, 16) * pow(self.v, u, N), self.priv, N)
self.key = sha256().digest(int2bytes(s))
def session_key(self, salt, pk, u):
self.salt = salt
x = sha256().intdigest(salt + P)
s = pow(pk, self.priv + u * x, N)
self.key = sha256().digest(int2bytes(s))
