Esempio n. 1
0
def try_simplified_SRP_password(state, guess):
    # hmac(K, salt) =
    # hmac(sha256(S), salt) =
    # hmac(sha256((A * v ** u)**b % n), salt) =
    # hmac(sha256((A * ((g**x)** u))**b % n), salt) =
    # hmac(sha256((A * ((g**SHA256(salt|password))** u))**b % n), salt) =
    # and now we're down to thinks we know (minus password)
    x = sha256(intToBytes(state["salt"]) + guess).hexdigest();
    v = mypow(state["g"], int(x, 16), state["p"]);
    v_u = mypow(v, state["u"], state["p"]);
    S = mypow(state["A"] * v_u, state["b"], state["p"]);
    mychal = myhmac(sha256, sha256(intToBytes(S)).digest(), intToBytes(state["salt"]));
    return mychal == state["challenge"];
Esempio n. 2
0
def simplified_SRP_validate(state):
    expected = myhmac(sha256, state["S_K"], intToBytes(state["salt"]));
    return expected == state["challenge"];
Esempio n. 3
0
def simplified_SRP_step6(state):
    state["challenge"]  = myhmac(sha256, state["C_K"], intToBytes(state["salt"]));
    return state;