#!/usr/bin/env python
# chal37.py - Break SRP with zero key.
#
# Copyright (C) 2015 Andrew J. Zimolzak <*****@*****.**>,
# and licensed under GNU GPL version 3. Full notice is found in
# the file 'LICENSE' in the same directory as this file.
from cryptopals import warn
from srp import Client, Server
from diffie_hellman import p as nist_prime
import random
me = Client(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
you = Server(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
print "For benign,",
me.logon_to(you)
assert me.K == you.K
assert me.salt == you.salt
failure = Client(nist_prime, 2, 3, '*****@*****.**', 'haha')
print "For built to fail,",
failure.logon_to(you)
assert failure.K != you.K
for k in range(0,11):
pw = ''
for i in range(8):
pw = pw + chr(random.randint(97,122))
print "A%N=0 password", pw,
sneak = Client(nist_prime, 2, 3, '*****@*****.**', pw, ntimes=k)
#!/usr/bin/env python
# chal38.py - Offline dictionary attack on simplified SRP
#
# Copyright (C) 2015 Andrew J. Zimolzak <*****@*****.**>,
# and licensed under GNU GPL version 3. Full notice is found in
# the file 'LICENSE' in the same directory as this file.
from cryptopals import warn
from srp import Client, Server
from diffie_hellman import p as nist_prime
import random
me = Client(nist_prime, 2, 3, '*****@*****.**', 'taurus', simple=True)
you = Server(nist_prime, 2, 3, '*****@*****.**', 'taurus', simple=True)
print "For benign,",
me.logon_to(you)
assert me.K == you.K
assert me.salt == you.salt
failure = Client(nist_prime, 2, 3, '*****@*****.**', 'haha', simple=True)
print "For built to fail,",
failure.logon_to(you)
assert failure.K != you.K
mallory = Server(nist_prime, 2, 3, '*****@*****.**', 'nopasswd', mitm=you)
print "\nFor MITM:"
me.logon_to(mallory)
warn("Passed assertions:", __file__)
#!/usr/bin/env python
# chal36.py - Implement secure remote password
#
# Copyright (C) 2015 Andrew J. Zimolzak <*****@*****.**>,
# and licensed under GNU GPL version 3. Full notice is found in
# the file 'LICENSE' in the same directory as this file.
from cryptopals import warn
from srp import Client, Server
from diffie_hellman import p as nist_prime
me = Client(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
you = Server(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
me.logon_to(you)
#### tests
assert me.K == you.K
assert me.salt == you.salt
warn("Passed assertions:", __file__)
#!/usr/bin/env python
# chal37.py - Break SRP with zero key.
#
# Copyright (C) 2015 Andrew J. Zimolzak <*****@*****.**>,
# and licensed under GNU GPL version 3. Full notice is found in
# the file 'LICENSE' in the same directory as this file.
from cryptopals import warn
from srp import Client, Server
from diffie_hellman import p as nist_prime
import random
me = Client(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
you = Server(nist_prime, 2, 3, '*****@*****.**', 'PASSW0RD1')
print "For benign,",
me.logon_to(you)
assert me.K == you.K
assert me.salt == you.salt
failure = Client(nist_prime, 2, 3, '*****@*****.**', 'haha')
print "For built to fail,",
failure.logon_to(you)
assert failure.K != you.K
for k in range(0, 11):
pw = ''
for i in range(8):
pw = pw + chr(random.randint(97, 122))
print "A%N=0 password", pw,
sneak = Client(nist_prime, 2, 3, '*****@*****.**', pw, ntimes=k)
from srp import Client, Server
if __name__ == '__main__':
client = Client()
serv = Server()
I = 'alice'
P = 'password123'
print(f'I = {I}, P = {P}')
print('Клиент: рассчитывает верификатор')
salt, verifier = client.compute_verifier(I, P)
print(f'Соль: {salt}')
print(f'Верификатор: {verifier}')
print('Клиент передаёт I, s, v на сервер')
print('Клиент: рассчитывает частные и публичные значения')
A = client.compute_client_values()
print(f'Клиент A: {A}')
print('Клиент передаёт A на сервер')
print('Сервер: рассчитывает частные и публичные значения')
B = serv.compute_server_values(I, verifier)
print(f'Сервер B: {B}')
print('Сервер передаёт B клиенту')
print('Клиент: рассчитывает скремблер и сессионный ключ')
client.compute_premaster_secret(salt, B)
M = client.compute_session_key(salt, B)
print('Сервер: рассчитывает скремблер и сессионный ключ')