def dict_attack(): found = False for p in pass_list: v = pow(g, sha256().intdigest(salt + p.encode()), N) s = pow(pk * pow(v, u, N), b, N) k = sha256().digest(int2bytes(s)) if sha256().hmac(salt, k).hex() == hmac: found = True break return p if found else None
def main(pk_value): # pk_value can be e.g. 0, N or N**2 pk_value = hex(pk_value)[2:] if len(pk_value) < 2: pk_value = '0' + pk_value url = 'http://localhost:5000/test' resp = requests.get(url + '?pk=' + pk_value) pk = int(resp.json()['pk'], 16) salt = bytes.fromhex(resp.json()['salt']) key = sha256().digest(b'\x00') hmac = sha256().hmac(salt, key) resp = requests.get(url + '?hmac=' + hmac.hex()) print(resp.text)
def session_key(self, salt, pk): self.salt = salt u = sha256().intdigest(self.publickey() + int2bytes(pk)) x = sha256().intdigest(salt + P) s = pow(pk - k * pow(g, x, N), self.priv + u * x, N) self.key = sha256().digest(int2bytes(s))
def hmac(self): return sha256().hmac(self.salt, self.key)
def session_key(self, pk): s = pow(int(pk, 16) * pow(self.v, self.u, N), self.priv, N) self.key = sha256().digest(int2bytes(s))
def __init__(self): super().__init__(N, g) self.salt = getrandbits(128).to_bytes(16, 'big') self.v = pow(g, sha256().intdigest(self.salt + P), N) self.u = getrandbits(128)
def __init__(self): super().__init__(N, g) self.salt = getrandbits(128).to_bytes(16, 'big') # This is what's stored server-side instead of the actual password: self.v = pow(g, sha256().intdigest(self.salt + P), N) self.key = None
def session_key(self, pk): u = sha256().intdigest(bytes.fromhex(pk) + self.publickey()) s = pow(int(pk, 16) * pow(self.v, u, N), self.priv, N) self.key = sha256().digest(int2bytes(s))
def session_key(self, salt, pk, u): self.salt = salt x = sha256().intdigest(salt + P) s = pow(pk, self.priv + u * x, N) self.key = sha256().digest(int2bytes(s))