[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SCRAM methods
|
From: |
Jeremy Harris |
|
Subject: |
Re: SCRAM methods |
|
Date: |
Sun, 5 Jan 2020 16:31:05 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 |
On 03/01/2020 15:28, Jeremy Harris wrote:
> On 03/01/2020 14:40, Simon Josefsson wrote:
>> Clients should store the ClientKey:
>>
>> ClientKey := HMAC(SaltedPassword, "Client Key")
As far as I can tell, the client needs to additionally
store the ServerKey - otherwise the ClientKey is not enough
(it needs the salted-password in order to calculate the
ServerKey, to calculate the ServerSignature for comparison
with what comes over the wire, to validate the server).
>> This allows the client to perform the client-side authentication. An
>> attacker who steals the ClientKey cannot impersonate a server.
... though whether that still holds, if an attacker steals both,
I can't tell.
>>
>> Servers should store StoredKey and the ServerKey:
>>
>> StoredKey := H(ClientKey)
>> ServerKey := HMAC(SaltedPassword, "Server Key")
>
> ... along with salt, itercnt?
I have this coded (both libgsasl and exim) and apparently operational.
Please say if you want a copy of my hacking.
--
Cheers,
Jeremy
- Re: SCRAM methods, Simon Josefsson, 2020/01/03
- Re: SCRAM methods, Simon Josefsson, 2020/01/03
- Re: SCRAM methods, Jeremy Harris, 2020/01/03
- Re: SCRAM methods, Simon Josefsson, 2020/01/03
- Re: SCRAM methods, Jeremy Harris, 2020/01/03
- Re: SCRAM methods,
Jeremy Harris <=
- Re: SCRAM methods, Simon Josefsson, 2020/01/06
- Re: SCRAM methods, Jeremy Harris, 2020/01/06
- Re: SCRAM methods, Simon Josefsson, 2020/01/14
- Re: SCRAM methods, Jeremy Harris, 2020/01/14
- Re: SCRAM methods, Jeremy Harris, 2020/01/06
RE: SCRAM methods, - Neustradamus -, 2020/01/03
RE: SCRAM methods, - Neustradamus -, 2020/01/03
Re: SCRAM methods, Simon Josefsson, 2020/01/15