RustCrypto / PAKEs

Password-Authenticated Key Agreement protocols
106 stars 35 forks source link

srp: compute `K = H(S)` correctly. #166

Open zadlg opened 7 months ago

zadlg commented 7 months ago

srp: compute K = H(S) correctly.

According to the specification section The SRP protocol, K (which corresponds to the session key) is computed as follows:

K = H(S)

where H is the digest algorithm, and S is the common exponential value.

In the current implementation, K is equal to S, which does not follow the SRP protocol specification.

This commit fixes this issue by computing the right value for K.

tarcieri commented 6 months ago

See also #153 and #163, as well as RFC5054

zadlg commented 4 months ago

up

tarcieri commented 4 months ago

@zadlg your opinion on the existing PRs and any overlap and existing discussion would be appreciated

zadlg commented 4 months ago

Sorry, I didn't understand you were waiting for an answer from me.

I think the specification is quite clear, isn't it ?

tarcieri commented 4 months ago

Let me be a little more explicit: